skills/anthropics/knowledge-work-plugins/contact-center/web/Snyk

contact-center/web

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's Smart Embed workflow explicitly instructs loading an iframe and listening/responding to window.postMessage events from the iframe (concepts/lifecycle-and-events.md and SKILL.md), which requires reading and acting on third-party/untrusted iframe messages that can influence runtime behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 12, 2026, 04:12 AM

Issues

1

Security Audit — snyk — contact-center/web