skills/julianobarbosa/claude-code-skills/research-add-items/Snyk

research-add-items

Warn

Audited by Snyk on Jun 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). The skill ingests outsider-authored free text when it optionally launches a web-search subagent (public web content fetched at runtime) and then merges the subagent’s suggestions into the LLM-visible candidate list for user confirmation.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 15, 2026, 04:17 PM

Issues

1

Security Audit — snyk — research-add-items