skills/nvidia/skills/mcore-split-pr/Snyk

mcore-split-pr

Warn

Audited by Snyk on May 30, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). The workflow fetches PR content from GitHub at runtime via gh pr view <number> --json title,body,... and gh pr diff <number> --stat; the PR body/diff are authored by the PR author (an outsider relative to the operating user), so that free text can be ingested into the agent’s LLM context.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 30, 2026, 01:38 AM

Issues

1

Security Audit — snyk — mcore-split-pr