skills/kaelzhang321/teambition-agent-toolkit/tb-update-task-status/Snyk

tb-update-task-status

Warn

Audited by Snyk on Apr 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The skill runs node bin/tb-api.mjs commands (steps 2 and 4) to fetch project tasks and taskflow statuses from a Teambition project (third-party, user-generated content) and then reads/uses those results to choose and update tasks, so untrusted external content can influence which actions the agent takes.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 12, 2026, 03:31 AM

Issues

1