.claude/skills/electron-distribution/SKILL.md
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill's updater workflows explicitly fetch update metadata and releaseNotes from public providers (GitHub Releases, S3/CloudFront, and the provided update-server endpoints) — see main/services/updater.ts and update-server/server.ts — and then surface those third‑party release notes to the app/UI where they can influence download/install decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata