gitsync
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The gitsync script explicitly runs git pull (scripts/gitsync.sh) and SKILL.md's Agent Integration requires the agent to analyze conflict files and even launch a subagent to "Analyze and resolve merge conflicts in ", which causes the agent to ingest and act on content fetched from remote/untrusted git remotes (third‑party user-generated code).
Audit Metadata