source-command-track-mentions

Warn

Audited by Snyk on May 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2) instructs the agent to run Perplexity deep research and fall back to WebSearch/WebFetch to retrieve and verify third-party sites (articles, Reddit, Twitter/X, LinkedIn, YouTube, GitHub, etc.), so the agent will fetch and interpret untrusted public/user-generated content which directly affects whether mentions are added and commits are made.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 26, 2026, 10:40 AM
Issues
1
Security Audit — snyk — source-command-track-mentions