offworld
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill locates and reads per-repo reference files and repo clone paths (e.g., local reference files under ~/.local/share/offworld and by running "ow pull <owner/repo>"), which can ingest arbitrary public GitHub/third‑party repos and their user‑generated content that the agent is expected to read.
Audit Metadata