context-save

Fail

Audited by Snyk on May 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The skill purports only to "save working context" but contains explicit, out-of-scope instructions to modify the repo (e.g., append/commit CLAUDE.md routing rules, run git rm and add .gitignore), to auto-run telemetry/analytics that record the repo name despite claiming not to, and to perform various auto-updates/syncs and prompts — behavior that is deceptive relative to the stated narrow purpose and could change/exfiltrate project state.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's preamble and artifact-sync workflow explicitly run remote pulls and syncs (e.g., git fetch/merge in GSTACK_HOME and calls to "~/.claude/skills/gstack/bin/gstack-brain-sync", and an optional open to https://garryslist.org), which fetch and read content from configured Git/GitHub/GitLab or web hosts (untrusted/user-generated) that the skill then reads and uses to influence suggestions and next actions.

Issues (2)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 20, 2026, 05:21 PM
Issues
2
Security Audit — snyk — context-save