univer-worklog-auto
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to "collect Codex/workbuddy/git/GitHub evidence" and then summarize/dedupe and act on that content, so it ingests user-generated third-party data (e.g., GitHub commits/PRs) that can materially influence tool decisions like worklog creation/submission.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata