reply-writer

Warn

Audited by Snyk on Jul 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). SKILL.md’s required workflow explicitly ingests a “batch of comments, mentions, and DMs” (outsider-authored free text) and then has the LLM parse/bucket/quote their exact words into the generated worklist context, creating an indirect prompt-injection surface.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 18, 2026, 07:08 AM
Issues
1
Security Audit — snyk — reply-writer