skills/iancleary/dotfiles/git-push-pr/Snyk

git-push-pr

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The workflow explicitly runs "gh pr view --json number,title,body" to read PR title/body from GitHub (user-generated, public content) and then preserves/edits that content with "gh pr edit", so untrusted third-party PR content is read and can materially influence the agent's actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 29, 2026, 03:28 AM

Issues

1

Security Audit — snyk — git-push-pr