review-fetch-phase

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required fetch step (SKILL.md step 4) runs scripts/fetch-review-state.mjs which calls gh api graphql (see THREADS_QUERY, REVIEWS_QUERY, COMMENTS_QUERY) to ingest GitHub PR review threads, reviews, and issue comments — user-generated, public content that is parsed into review-state.json and extracted into review-targets.json used for downstream triage, so third-party text can materially influence subsequent tool-driven decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 05:56 AM
Issues
1
Security Audit — snyk — review-fetch-phase