rallish-operator
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly polls the rallish broker (calls like
rallish rally statusand reads session history / ~/.rallish/sessions//log.jsonl and thetask/note fields) and parses arbitrary user-provided notes from other participants to compose responses and driverally done/tool actions, so untrusted third‑party content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The bundled installer is invoked at runtime and fetches/executes remote content (e.g. it resolves the latest release via https://api.github.com/repos/jazz1x/rallish/releases/latest and downloads the release tarball from https://github.com/jazz1x/rallish/releases/download/... — and the script even documents running https://raw.githubusercontent.com/jazz1x/rallish/main/install.sh | sh), so these URLs are used at runtime to retrieve and install/execute required external code for the skill.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata