injective-core-detect-changes
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The workflow fetches GitHub release notes and a CHANGELOG.md from InjectiveLabs/injective-core at runtime (public web content authored by third parties), then passes the extracted text into the
devrel-detect-breaking-changesagent for LLM analysis—an outsider free-text injection surface.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching release notes and changelogs at runtime (e.g., https://github.com/InjectiveLabs/injective-core/releases/tag/v1.20.0 and https://github.com/InjectiveLabs/injective-core/blob/release/v1.20.x/CHANGELOG.md) and cloning the repository git@github.com:InjectiveFoundation/injective-core.git so that that remote content is ingested and directly drives the agent's analysis of breaking changes.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata