Skills
skills/sundial-org/awesome-openclaw-skills/bring-shopping/Snyk

bring-shopping

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's CLI (scripts/bring_cli.mjs) uses the bring-shopping library to call bring.loadLists() and bring.getItems(), fetching user-created Bring! lists and items from the third-party Bring! service (untrusted, user-generated content) which the agent reads and uses to select and act on lists/items.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 12:24 AM
Issues
1