skills/fairchild/workspaces/drive/Snyk

drive

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). Outsider-authored GitHub milestone/issue text is fetched at runtime via gh api in scripts/milestone_status.py (fetch_milestone reads milestone.description, and fetch_issues reads issue title/labels), then the resulting JSON is printed and used to drive the agent’s planning context.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 17, 2026, 07:24 AM

Issues

1

Security Audit — snyk — drive