code-security-audit
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text from the PR body/description and file patches is fetched at runtime from GitHub’s API (e.g.,
GitHubActionClient.get_pr_data()andget_pr_diff()), then embedded into the LLM prompt viaget_security_audit_prompt()and also into Claude API filtering prompts viapr_context/file_content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The GitHub Action (action.yml) installs and runs external tooling at runtime—notably
npm install -g @anthropic-ai/claude-code(fetched from the npm registry, e.g. https://registry.npmjs.org/@anthropic-ai/claude-code) andpip install -r claudecode/requirements.txtwhich pulls theanthropicPython package from PyPI (https://pypi.org/project/anthropic/)—and then invokes theclaudeCLI/subprocess to execute prompts, so remote code fetched during runtime is executed and directly controls the agent's prompt execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata