skills/wanshuiyin/auto-claude-code-research-in-sleep/training-check/Snyk

training-check

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads user-run metrics from the third-party service Weights & Biases (via wandb.Api().run("//<run_id>").history()) and uses those untrusted, user-generated metrics to make automated Stop/Continue/Wait decisions in the SKILL.md workflow.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 13, 2026, 01:59 PM

Issues

1

Security Audit — snyk — training-check