code-security-audit

Warn

Audited by Snyk on Jul 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider-authored free text from the PR body/description and file patches is fetched at runtime from GitHub’s API (e.g., GitHubActionClient.get_pr_data() and get_pr_diff()), then embedded into the LLM prompt via get_security_audit_prompt() and also into Claude API filtering prompts via pr_context/file_content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The GitHub Action (action.yml) installs and runs external tooling at runtime—notably npm install -g @anthropic-ai/claude-code (fetched from the npm registry, e.g. https://registry.npmjs.org/@anthropic-ai/claude-code) and pip install -r claudecode/requirements.txt which pulls the anthropic Python package from PyPI (https://pypi.org/project/anthropic/)—and then invokes the claude CLI/subprocess to execute prompts, so remote code fetched during runtime is executed and directly controls the agent's prompt execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 08:06 AM
Issues
2
Security Audit — snyk — code-security-audit