Skills
skills/builtby-win/skills/gaud-mode/Snyk

gaud-mode

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill runs a mandatory update preflight (see SKILL.md "Run this first" and bin/gaud-mode-update-check) which fetches VERSION and package metadata from public raw.githubusercontent.com (and gaud-mode-upgrade can git-clone https://github.com/builtby-win/skills), so the agent reads public GitHub content at runtime and can change upgrade/install actions based on that remote data.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 04:49 AM
Issues
1