t3code

Warn

Audited by Snyk on Jun 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime path is scripts/launch_thread.pyprompt_from_args() reads --prompt-file (arbitrary file text) or --prompt (free-form user text) and then sends it as message.text inside the WebSocket RPC thread.turn.start payload to the T3 server; this is outsider-authored free text if the file/message content came from someone other than the operating user.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill calls a runtime server origin (e.g. the discovered origin such as http://127.0.0.1:3773 or the value from server-runtime.json) and invokes endpoints like {origin}/api/auth/websocket-ticket and the websocket /ws to run orchestration.dispatchCommand (bootstrap.createThread / bootstrap.prepareWorktree), which can cause the server to execute project setup scripts and other remote code, so the origin URL is a required runtime dependency that can execute code.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 10:26 AM
Issues
2
Security Audit — snyk — t3code