github-code-review

Fail

Audited by Snyk on May 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill explicitly reads a GITHUB_TOKEN from local files into a variable and uses it in curl/HTTP Authorization headers (e.g., -H "Authorization: token $GITHUB_TOKEN"), which instructs the agent to retrieve and embed a secret into generated commands/requests and thus risks secret exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches PR metadata and bodies from GitHub (e.g., the "curl ... https://api.github.com/repos/$OWNER/$REPO/pulls/$PR_NUMBER" that prints pr['body'] in the "View PR Details"/Step 2 examples) and then uses those user-generated PR descriptions and file diffs to drive actions (checkout, run tests, post reviews), so untrusted third-party content can influence agent decisions and behavior.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 01:45 PM
Issues
2
Security Audit — snyk — github-code-review