Skills
skills/mgd34msu/goodvibes-gemini/partykit/Snyk

partykit

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's server onMessage handlers clearly ingest arbitrary client-sent messages (see multiple "onMessage" examples and the "AI Integration" section) and directly pass data.text into ai.run, meaning untrusted user-generated content from connected clients can influence AI calls and subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 07:54 AM
Issues
1