planning-with-files-de

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and hooks explicitly ingest and re-read user/project files (task_plan.md, findings.md, progress.md) and the session-catchup script reads prior session logs, and the docs instruct storing web/search results and URLs in findings.md (and warn that task_plan.md is re-injected before each tool call via the PreToolUse hook), so untrusted public/web-sourced or user-generated content can be read and materially influence agent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 04:01 AM
Issues
1
Security Audit — snyk — planning-with-files-de