review-triage-phase

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests PR review content from GitHub (see agents/review-triager.md instructions to use node ../review-fetch-phase/scripts/fetch-review-state.mjs --pr and/or gh api to populate review-state.json and to "read the full-body text" of pull_request_review targets) and then uses that untrusted, user-generated content to drive triage decisions and automated actions (replies, reactions, resolving threads, and creating Linear tickets), which could allow indirect prompt injection via crafted review bodies.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 05:56 AM
Issues
1
Security Audit — snyk — review-triage-phase