Skills
skills/laurigates/claude-plugins/blueprint-work-order/Snyk

blueprint-work-order

Warn

Audited by Snyk on Apr 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The "Create from Existing Issue" workflow explicitly runs gh issue view N --json title,body,labels,number to fetch and parse GitHub issue body (user-generated, potentially public/untrusted content) and uses that content to populate work-orders and drive subsequent actions, so external issue text could influence agent decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 21, 2026, 01:17 AM
Issues
1