get-brand-assets

Warn

Audited by Snyk on Jul 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill calls the Brand.dev API via the user-supplied domain (e.g., stripe.com) through $GOOSEWORKS_API_BASE/v1/proxy/orthogonal/run, and that runtime extraction can include free-form text scraped from third-party company websites, which the LLM may ingest as readable content—an outsider source.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 06:17 AM
Issues
1
Security Audit — snyk — get-brand-assets