Skills
skills/terrylica/cc-skills/issue-create/Snyk

issue-create

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated GitHub content at runtime (e.g., "Fetches repository's existing labels" via gh label list and "Searches for similar issues"/related-issues in SKILL.md and references/label-strategy.md), and feeds that untrusted issue/label content into AI prompts for label suggestion and duplicate detection, so third-party content can influence agent decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 02:09 PM
Issues
1
Security Audit — snyk — issue-create