Skills
skills/prorise-cool/prorise-claude-skills/product-specialist/Snyk

product-specialist

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's references (notably references/product_feedback-synthesizer.md and references/product_trend-researcher.md) explicitly require ingesting and analyzing untrusted, user-generated public content (app store reviews, Reddit/forums, TikTok/Instagram/YouTube trends) via WebSearch/WebFetch/Read as part of its workflow to drive product decisions, so third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes a "Payment Integration" capability that names Stripe and PayPal and describes integrating payment processors, handling checkout flows, subscriptions, webhooks, and PCI compliance. That is a specific, primary definition to move/manage money (payment gateway integration), which meets the Direct Financial Execution criteria. (While the Quant Analyst mentions trading models, the Payment Integration entry alone is sufficient to flag direct financial execution.)

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 03:17 PM
Issues
2