prepare-migration
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill invokes "stardust:extract --prep" (Phase 1) which extracts and types pages from live public sites and the assets-prep step (Phase 4) downloads external fonts referenced by canon.css, so it ingests untrusted public web content that can materially influence subsequent decisions and tool use.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata