skills/microsoft/github-copilot-modernization/project-decomposition/Snyk

project-decomposition

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). At runtime, scripts/decompose.py ingests outsider-authored free text from the repository’s source files (e.g., module code/comments and import/namespace statements) while walking <source-path>; this text is parsed into LOC/edges and then printed into the LLM context via the L1/L3 stdout blocks.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 22, 2026, 08:02 AM

Issues

1

Security Audit — snyk — project-decomposition