review-fetch-phase
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required fetch step (SKILL.md step 4) runs scripts/fetch-review-state.mjs which calls
gh api graphql(see THREADS_QUERY, REVIEWS_QUERY, COMMENTS_QUERY) to ingest GitHub PR review threads, reviews, and issue comments — user-generated, public content that is parsed into review-state.json and extracted into review-targets.json used for downstream triage, so third-party text can materially influence subsequent tool-driven decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata