docs-pr-check

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s required runtime workflow uses gh pr view ... --json title,body,files,labels to ingest the PR body text (and potentially file paths/content metadata) from the grafana/tempo repo; PR authors are typically outsiders relative to the operating user, so this is outsider-authored free text entering the agent context via the GitHub PR body.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 09:17 AM
Issues
1
Security Audit — snyk — docs-pr-check