Skills
skills/athola/claude-night-market/github-initiative-pulse/Snyk

github-initiative-pulse

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public GitHub content (e.g., "sync from GitHub Projects" and "Pull tracker JSON" / ProjectTracker.get_status_report() in modules/status-digest.md) and uses issue/PR data to generate digests and decide risks/next actions, so untrusted user-generated content from GitHub can influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 06:51 PM