skills/yusuke-suzuki/dotfiles/resolve-comments/Snyk

resolve-comments

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill fetches and reads PR review comments from GitHub (via gh api /repos/{owner}/{repo}/pulls/{number}/comments and the GraphQL reviewThreads query) — user-generated, potentially untrusted content that the agent must interpret and then use to decide actions and post replies/resolutions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). This skill calls GitHub API endpoints at runtime (e.g., https://api.github.com/repos/{owner}/{repo}/pulls/{number}/comments and https://api.github.com/graphql) to fetch PR comment bodies that are injected into the agent's context and therefore directly control the agent's prompts/instructions, and those fetches are required for the skill to operate.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 31, 2026, 01:33 AM

Issues

2

Security Audit — snyk — resolve-comments