skills/mgiovani/skills/review-deps/Snyk

review-deps

Warn

Audited by Snyk on May 9, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches GitHub Dependabot alerts via the gh api (repos/{owner}/{repo}/dependabot/alerts) and passes the raw alert output into parallel analysis agents as part of its required workflow, so untrusted third‑party advisory text could influence analysis and recommendations.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 9, 2026, 04:32 PM

Issues

1

Security Audit — snyk — review-deps