release

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The workflow ingests commit messages via git log --oneline <previous-tag>..HEAD, and those commit messages are authored by outside contributors (e.g., PR authors) and become readable text in the agent’s LLM context when used to generate release notes.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 11:22 PM
Issues
1