skills/saltbo/agent-kanban/ak-maintainer/Snyk

ak-maintainer

Warn

Audited by Snyk on Jun 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). GitHub event workflow step 4/5 fetches issue/PR/comment/review bodies from GitHub (e.g., via gh issue view ... --json ...body... / gh pr view ... --json ...body...), which are outsider-authored free text, and the agent then uses that content to decide replies/tasks.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 27, 2026, 04:37 PM

Issues

1

Security Audit — snyk — ak-maintainer