drive-pr-walkthrough
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and use PR title/body via
gh pr viewand to follow linked Linear ticket content as the "source of truth"—both user-authored, third-party inputs that the agent must read and use to determine intent, enabling indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches PR metadata at runtime (via
gh pr view --json title,body,url) and uses PR body/linked tickets as the primary "intent" source — e.g. external GitHub PR URLs like https://github.com/ORG/REPO/pull/1234 — so remote PR/ticket content can directly control the agent's prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata