skills/udecode/dotai/resolve-pr-feedback/Snyk

resolve-pr-feedback

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). Outsider-authored PR review content is fetched at runtime via gh api graphql in scripts/get-pr-comments (review thread comment body, top-level PR comment body, and review body body), then passed into the agent’s LLM context as untrusted “comment text”.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 19, 2026, 07:05 PM

Issues

1

Security Audit — snyk — resolve-pr-feedback