implement-plan
Warn
Audited by Snyk on Jul 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill’s runtime reads the plan artifact
plan.mdfromdocs/threads/<...>/plans/.../plan.md(outsider-authored free text risk) and then ingests its task text into the agent’s LLM context for execution/self-review; if that plan was authored by someone other than the operating user, it is outsider content.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata