github-code-review
Fail
Audited by Snyk on May 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly reads a GITHUB_TOKEN from local files into a variable and uses it in curl/HTTP Authorization headers (e.g., -H "Authorization: token $GITHUB_TOKEN"), which instructs the agent to retrieve and embed a secret into generated commands/requests and thus risks secret exposure.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches PR metadata and bodies from GitHub (e.g., the "curl ... https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER" that prints pr['body'] in the "View PR Details"/Step 2 examples) and then uses those user-generated PR descriptions and file diffs to drive actions (checkout, run tests, post reviews), so untrusted third-party content can influence agent decisions and behavior.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata