skills/howarewoo/woostack/woostack-status/Snyk

woostack-status

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). Outsider-authored free text from GitHub PR bodies is ingested at runtime via gh pr list ... --json ... --json ... --limit 50 and then parsed/filtered by jq in prs_for_spec(), where .body comes from PR authors (not the operating user) and is used to select rows.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 17, 2026, 02:36 PM

Issues

1

Security Audit — snyk — woostack-status