Skills
skills/membranedev/application-skills/savvycal/Snyk

savvycal

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and acts on data from the third‑party SavvyCal API via Membrane (e.g., "membrane action list", "membrane action run", and "membrane request CONNECTION_ID /path/to/endpoint" in SKILL.md), so untrusted user-generated content from that external service would be read and could influence subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 03:07 PM
Issues
1