eve-fullstack-app-design
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly documents runtime access to user-generated third-party content — e.g., "Apps can browse and search mounted Drive content through Eve's Cloud FS surface (
eve cloud-fs ls,eve cloud-fs search)" and mentions consuming Slack/GitHub events — which means agents are expected to read/interpret external Drive/Slack/GitHub data that could materially influence their actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata