finance-lead

Fail

Audited by Snyk on Apr 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (medium risk: 0.60). The prompt silently references an external persona file ("../../../agents/personas/finance-lead.md") which likely injects behavioral instructions not declared in the skill metadata (the skill has no description), so this is a hidden/deceptive inclusion that can alter agent behavior outside any stated purpose.

Issues (1)

CRITICAL E004: Prompt injection detected in skill instructions.

Audit Metadata

Risk Level: CRITICAL

Analyzed: Apr 2, 2026, 12:43 PM

Issues: 1