gh-address-comments

Warn

Audited by Snyk on Jun 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The skill runs python3 ./scripts/fetch_comments.py, which calls gh api graphql to fetch PR comments, reviews, and reviewThreads (including bodies) authored by other users, and then prints them as JSON that the agent can read into its LLM context—this is outsider-authored free text from GitHub PR conversation threads.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs the agent to request elevated network/sandbox permissions (e.g., "sandbox_permissions=require_escalated" and elevated gh auth scopes) which directs the agent to bypass sandboxing/security controls and escalate privileges.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 10:52 PM
Issues
2
Security Audit — snyk — gh-address-comments