weekly-digests
Warn
Audited by Snyk on Jun 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The skill fetches a full claude-mem timeline via a runtime HTTP call (
curl ... /api/context/inject?project=...&full=true) and then reads/splits that resulting markdown into per-week files that are injected into each subagent prompt as{ABSOLUTE_PATH_TO_WEEK_FILE}; that timeline content can include outsider-authored free text (e.g., comments/issues/PRs/wiki/discussion entries) authored by non-operating users.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata