review-architecture
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's required workflow (SKILL.md step 2) tells the agent to fetch and read diffs from a user-supplied PR URL or branch using commands like "gh pr diff" and "git diff", meaning it ingests untrusted, user-generated PR content that will directly influence review decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata