standup
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated content from public GitHub (e.g., "gh api repos/laris-co/nat-location-data/contents/current.csv" and "gh issue list") and reads issue titles/files as part of the standup workflow used to produce suggestions, so untrusted third‑party content could influence agent actions.
Audit Metadata