Skills
skills/elastic/integration-skills/dashboard-review/Snyk

dashboard-review

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's review procedure explicitly tells the reviewer to clone or check out a PR URL (e.g., "When reviewing a PR by URL ... clone it into a temp directory or use gh pr checkout" in references/review-procedure.md) and then run kbdash on the repo's dashboard JSON files, which means the agent will fetch and ingest untrusted, user-provided GitHub/PR content and use extracted text to drive review decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 08:43 PM
Issues
1
Security Audit — snyk — dashboard-review