skills/l3digital-net/claude-code-plugins/repo-manager/Snyk

repo-manager

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and applies repository content from GitHub via the gh-manager helper (e.g., "repos classify" in Step 4 and "files get --path .github-repo-manager.yml" in Step 5), which are untrusted, user-generated third-party files whose contents (tier/config) directly influence agent decisions and actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 18, 2026, 01:37 PM

Issues

1

Security Audit — snyk — repo-manager