skills/getpaseo/paseo/paseo-epic/Snyk

paseo-epic

Warn

Audited by Snyk on May 9, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs agents to read and act on repository-hosted, user-generated content—e.g., using gh pr list --state merged to infer merge conventions and gh pr checks / CI failure logs to drive fixes—meaning it ingests untrusted third-party PR/CI content that can influence tool actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 9, 2026, 10:44 AM

Issues

1