assembla
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly exposes operations that fetch Assembla user-generated content (e.g., "List Ticket Comments", "Get Ticket", "Wiki Page") and allows proxying API requests via the Membrane CLI, so untrusted third-party text from Assembla spaces could be ingested and influence the agent's decisions or subsequent tool use.
Audit Metadata