taskloop

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill routinely fetches issue content from public third-party trackers (Linear and Jira) — see references/providers/.md, the monitor-.sh.tmpl scripts, and autonomous-loop.md — and ingests issue titles/descriptions/labels (markdown/ADF) as required input to decide which service to change, branch names, and next actions, so untrusted user-generated tracker content can materially influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's monitor and provider adapters make runtime requests to external tracker APIs (e.g. https://api.linear.app/graphql and https:///rest/api/3/...) whose returned issue payloads are ingested into the agent's loop and directly drive the agent's prompts/actions, and those endpoints are required dependencies for the loop to operate.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 07:43 AM
Issues
2
Security Audit — snyk — taskloop