skills/everyinc/compound-engineering-plugin/ce-promote/Snyk

ce-promote

Warn

Audited by Snyk on Jun 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). Outsider free text can enter the LLM context via gh pr view --json title,body,url (PR title/body authored by non-operating users) and/or git diff/changelog content that includes outsider-authored text, which the skill then summarizes and uses to draft copy.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 25, 2026, 06:29 AM

Issues

1

Security Audit — snyk — ce-promote