t3code
Warn
Audited by Snyk on Jun 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The required runtime path is
scripts/launch_thread.py→prompt_from_args()reads--prompt-file(arbitrary file text) or--prompt(free-form user text) and then sends it asmessage.textinside the WebSocket RPCthread.turn.startpayload to the T3 server; this is outsider-authored free text if the file/message content came from someone other than the operating user.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill calls a runtime server origin (e.g. the discovered origin such as http://127.0.0.1:3773 or the value from server-runtime.json) and invokes endpoints like {origin}/api/auth/websocket-ticket and the websocket /ws to run orchestration.dispatchCommand (bootstrap.createThread / bootstrap.prepareWorktree), which can cause the server to execute project setup scripts and other remote code, so the origin URL is a required runtime dependency that can execute code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata