daishin-report-search
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses public HTML reports from a third‑party GitHub Pages mirror (via the GitHub recursive tree API at https://api.github.com/repos/jay-jo-0/github_pages_repo/... and raw content at https://raw.githubusercontent.com/... / the GitHub Pages URL), ingesting untrusted user-hosted page content which the agent reads and uses to produce JSON/summaries, allowing malicious page content to influence outputs.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata