skills/lobehub/lobe-chat/source-command-dedupe/Snyk

source-command-dedupe

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs agents to view and summarize GitHub issues and to search GitHub for duplicates (user-generated, public content), which the agent must interpret and act on (filter results and post comments), so untrusted third‑party content from GitHub can materially influence behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 20, 2026, 08:32 PM

Issues

1

Security Audit — snyk — source-command-dedupe