check-pr
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). At runtime the skill fetches PR/MR/CL description and comments from outsider-authored sources (e.g., GitHub issue/PR comments via
gh api --paginate "repos/$OWNER_REPO/issues/<PR_NUMBER>/comments"and GitLab MR discussions viaglab api "projects/:fullpath/merge_requests/<MR_IID>/discussions"), and those comment bodies are ingested as readable text into the agent’s LLM context for analysis.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata