skills/sunny0826/open-source-skills/release-notes/Snyk

release-notes

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md and README.md explicitly require the user to paste a raw commit log (untrusted, user-provided third‑party content) which the agent will read and interpret to generate release notes, so external text can materially influence its behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 17, 2026, 02:29 AM

Issues

1