review-wall-of-apps-prs

Warn

Audited by Snyk on Jul 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill’s workflow centers on reviewing outsider-authored GitHub pull requests (PR diffs, file lists, and review thread text) which are read at runtime from the PR content and can include free-form attacker-controlled text (e.g., PR descriptions/comments), creating an indirect prompt-injection path into the agent’s LLM context.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 02:42 AM
Issues
1
Security Audit — snyk — review-wall-of-apps-prs