skills/lllllllama/ai-paper-reproduction-skill/repo-intake-and-plan/Snyk

repo-intake-and-plan

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill explicitly reads and interprets arbitrary repository README and project files (see SKILL.md "Access to README and common project files" and scripts/extract_commands.py which opens and parses README content), so untrusted user-generated README content can materially influence command classification and recommended reproduction actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 2, 2026, 05:39 PM

Issues

1