coderpad
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves CoderPad pad contents and events (e.g., "Get Pad Environment" returns file contents including candidate code and "Get Pad Events" returns event logs) and also allows proxying arbitrary CoderPad API requests via Membrane, meaning the agent will ingest untrusted, user-generated third-party content that could contain instructions influencing its decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata