planning-with-files-de
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and hooks explicitly ingest and re-read user/project files (task_plan.md, findings.md, progress.md) and the session-catchup script reads prior session logs, and the docs instruct storing web/search results and URLs in findings.md (and warn that task_plan.md is re-injected before each tool call via the PreToolUse hook), so untrusted public/web-sourced or user-generated content can be read and materially influence agent actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata