review-pr
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated PR content (title, body, comments, diff via
gh pr view/gh pr diff/gh api) and JIRA ticket descriptions/comments (viajira issue view) and then uses that content to validate requirements and drive analysis/recommendations, so third-party content could indirectly influence the agent's decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches HyperFleet standards at runtime from the GitHub API (e.g. gh api repos/openshift-hyperfleet/architecture/contents/hyperfleet/standards/FILENAME.md — https://api.github.com/repos/openshift-hyperfleet/architecture/contents/hyperfleet/standards/FILENAME.md), decodes and injects that markdown into agent subagents as required context, meaning remote content fetched at runtime directly controls prompts/instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata