skills/bgauryy/octocode/octocode-news/Snyk

octocode-news

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). High likelihood: the workflow fetches public web/RSS content at runtime (e.g., fetch-rss and then “open the canonical article URL and read full page content”), and that fetched outsider-authored prose is inserted into the generated JSON/HTML context via build-report --require-full-content.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 18, 2026, 04:44 AM

Issues

1

Security Audit — snyk — octocode-news