Skills
skills/prorise-cool/claude-code-multi-agent/product-specialist/Snyk

product-specialist

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Trend Researcher and Search Specialist capabilities explicitly state the agent will gather and analyze public, user-generated content from sources like TikTok, app stores, and social media, meaning it ingests untrusted third-party content that could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a "Payment Integration" capability that names Stripe and PayPal and describes integrating payment processors, handling checkout flows, subscriptions, webhooks, and PCI compliance. That is a specific, primary definition to move/manage money (payment gateway integration), which meets the Direct Financial Execution criteria. (While the Quant Analyst mentions trading models, the Payment Integration entry alone is sufficient to flag direct financial execution.)
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 09:41 AM