lovstudio-maintain-partners
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow for this skill (e.g., Op 1) ingests outsider-authored free text via
lovstudio-find-logowhen it fetches/parses public web content from the user-supplied partner homepage/press-kit URL (--url <URL>), which then becomes readable text in the agent/LLM context through the orchestrated logo-discovery step.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata