task-manager

Warn

Audited by Snyk on Jun 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). In scripts/backlog-groomer.js, the agent calls runMoltbotAssist() with input built from outsider-authored task fields (task.text, task.notes, task.work_notes) and sends them to the local LLM via fetch("http://localhost:5278/api/clawdbot/research", ...), so any free-text in those task fields can become LLM context (indirect prompt injection risk).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 01:56 PM
Issues
1
Security Audit — snyk — task-manager