skills/microsoft/hve-core/prompt-builder/Snyk

prompt-builder

Warn

Audited by Snyk on Jun 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (medium risk: 0.65). The required runtime workflow repeatedly dispatches Researcher Subagent and Prompt Updater during the research/modify phases, which (by design) can ingest outsider-authored free text from runtime research sources (e.g., public web content or other external documents) into the agent context via the subagent’s research/update steps.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 26, 2026, 03:39 PM

Issues

1

Security Audit — snyk — prompt-builder