skills/paulund/ai/dev-review/Snyk

dev-review

Warn

Audited by Snyk on May 4, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill explicitly runs "gh pr view" and "gh pr diff" to fetch PR descriptions and diffs from GitHub (user-generated/public PRs), which the agent must read and use to form its review, allowing untrusted third-party content to influence its actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 4, 2026, 04:14 PM

Issues

1

Security Audit — snyk — dev-review