upgrade
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Pull latest from GitHub" and run the plugin's upgrade CLI (node "<PLUGIN_ROOT>/build/cli.js" upgrade), which fetches and executes public, user-generated code from GitHub and requires the agent to read and re-display the resulting output, so untrusted third‑party content can influence behavior.
Audit Metadata