taskloop
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill routinely fetches issue content from public third-party trackers (Linear and Jira) — see references/providers/.md, the monitor-.sh.tmpl scripts, and autonomous-loop.md — and ingests issue titles/descriptions/labels (markdown/ADF) as required input to decide which service to change, branch names, and next actions, so untrusted user-generated tracker content can materially influence tool use and behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's monitor and provider adapters make runtime requests to external tracker APIs (e.g. https://api.linear.app/graphql and https:///rest/api/3/...) whose returned issue payloads are ingested into the agent's loop and directly drive the agent's prompts/actions, and those endpoints are required dependencies for the loop to operate.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata