skills/timesheetio/timesheet-plugin/timesheet/Snyk

timesheet

Warn

Audited by Snyk on Jun 14, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.75). The skill is a CLI wrapper around timesheet.io and its runtime workflow necessarily ingests outsider-authored free text from the service’s API responses (e.g., task/project/absence/todo/note descriptions and other user-entered fields) into the agent’s LLM context when the agent reads --json output.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 14, 2026, 06:37 AM

Issues

1

Security Audit — snyk — timesheet