skills/apideck-libraries/api-skills/lever/Snyk

lever

Warn

Audited by Snyk on Apr 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and acts on user-generated Lever data via Apideck's ATS API (see SKILL.md examples like "List applicants in Lever" and the Proxy flow with x-apideck-downstream-url that calls Lever endpoints), so untrusted third-party content could be read and influence agent actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 21, 2026, 04:50 AM

Issues

1

Security Audit — snyk — lever