pr-loop
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The
pr-loopruntime workflow ingests PR reviewer content by callingpr_status.dart, which fetches PR GraphQL data (includinggraphData.commentsandgraphData.reviewThreads) from GitHub; those comments/threads are authored by outsiders (e.g.,gemini-code-assist/gemini-code-reviewand other reviewers) and are read as free-textcomment.bodyinto the agent’s LLM context for decision-making.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata