trellis-session-insight
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Runtime path: the skill calls the local CLI
trellis mem, which indexes and then dumps cleaned dialogue from outsider-authored platform JSONL logs (e.g., Claude/Codex/Pi conversation logs written by other participants), and that dumped free text is inserted into the agent’s LLM context for summarization/quoting.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata