address-feedback

Warn

Audited by Snyk on Apr 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to fetch and read unresolved PR review comments and full threads from GitHub via "gh api repos/{owner}/{repo}/pulls/{number}/comments" and related GraphQL queries — these are user-generated, potentially untrusted third‑party contents that the agent must interpret to decide code changes and replies, which could allow indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 23, 2026, 10:05 PM
Issues
1
Security Audit — snyk — address-feedback