expense-tracker
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The Cloudflare Worker webhook for the Telegram bot ingests arbitrary user-generated text/photos which are sent to Claude Haiku for parsing (SKILL.md: "Send text or photo to bot, Claude Haiku parses it, stores in D1"), so untrusted third-party content can be interpreted and drive storage/actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata