astro-release

Warn

Audited by Snyk on Jun 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The “Generate Contributors List” workflow fetches PR authors, issue comments, PR review comments, and reviews from GitHub for merged PRs since the last release; those comment/review bodies and author identities are outsider-authored content that becomes LLM-readable text via the gh api .../issues/PR_NUMBER/comments, .../pulls/PR_NUMBER/comments, and .../pulls/PR_NUMBER/reviews calls.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 01:02 PM
Issues
1
Security Audit — snyk — astro-release