orienting-codebases
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill fetches and extracts outsider-authored repository content at runtime (e.g.,
curl ... /tarball/$REFfrom GitHub, thentar -xzfinto/tmp/$REPO), and then feeds extracted free-form code text into the LLM context via the HTML artifact generation step (treesitsource extraction →composing-html ... --specwithbody_htmlcontaining “Actual source extracted by treesit”).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata