skill-retro

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill's Step 2 explicitly spawns an analysis sub-agent and instructs it to read the session transcript and the SKILL.md file for each invoked skill (including paths under installed plugin cache such as ~/.claude/plugins/cache/), meaning it ingests third‑party plugin skill files and transcript content that can directly influence analysis and follow-up actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 07:57 AM
Issues
1
Security Audit — snyk — skill-retro