work-backlog-item
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill explicitly loads and parses GitHub Issue content (via the mcp__plugin_dh_backlog__backlog_view/backlog_list calls described in Step 1b and the GitHub Integration sections) and uses the issue body and related public per-item data to drive planning, RT-ICA, and downstream tool invocations, so untrusted, user-generated GitHub content can influence agent decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning and reading the canonical SAM repository at https://github.com/bitflight-devops/stateless-agent-methodology (git clone ... https://github.com/bitflight-devops/stateless-agent-methodology.git) at runtime to obtain the methodology files that are used to drive agent prompts/behavior, so this external URL can directly control prompts and is referenced as a runtime dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata