Skills
skills/olafgeibig/skills/lossless-claw-use/Snyk

lossless-claw-use

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill's agent tools (lcm_grep, lcm_describe, lcm_expand_query) explicitly read summaries, raw conversation messages, and stored large file content from the LCM SQLite DB (see reference/agent-tools.md and reference/architecture.md), which are untrusted user-generated content across conversations and are used to drive sub-agent expansions and subsequent actions—exposing the agent to potential indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 02:05 PM
Issues
1