drive-pr-walkthrough

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and use PR title/body via gh pr view and to follow linked Linear ticket content as the "source of truth"—both user-authored, third-party inputs that the agent must read and use to determine intent, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches PR metadata at runtime (via gh pr view --json title,body,url) and uses PR body/linked tickets as the primary "intent" source — e.g. external GitHub PR URLs like https://github.com/ORG/REPO/pull/1234 — so remote PR/ticket content can directly control the agent's prompts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 05:56 AM
Issues
2
Security Audit — snyk — drive-pr-walkthrough