org-search

Warn

Audited by Snyk on Jul 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required workflow uses jbcontext repos and jbcontext search to discover and search across “all available repositories,” then uses gh to fetch full file context from those repos; since those repos’ README/code/issues are authored by other parties, the LLM will ingest outsider-authored free text (e.g., repository file contents/snippets) via the runtime tool outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to fetch raw repository files via the GitHub API (gh api "repos///contents/?ref=" -H "Accept: application/vnd.github.raw"), which would retrieve remote file contents and inject them into the agent's context to drive prompts, so this is a high-confidence runtime external dependency controlling prompts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 12:29 PM
Issues
2
Security Audit — snyk — org-search