docs-workflow
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text can enter the LLM context when Step 1/2/3 run the underlying skills on PRs, because those skills will read PR metadata/body and/or diff content authored by other contributors (e.g., the PR body text and changed files from the selected GitHub PRs) and then generate outputs from that text.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata