review-triage-phase
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests PR review content from GitHub (see agents/review-triager.md instructions to use node ../review-fetch-phase/scripts/fetch-review-state.mjs --pr and/or gh api to populate review-state.json and to "read the full-body text" of pull_request_review targets) and then uses that untrusted, user-generated content to drive triage decisions and automated actions (replies, reactions, resolving threads, and creating Linear tickets), which could allow indirect prompt injection via crafted review bodies.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata