Skills
skills/terminalskills/skills/yjs/Snyk

yjs

Warn

Audited by Snyk on Apr 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly connects to external WebSocket providers (e.g., WebsocketProvider "wss://your-yjs-server.example.com" / "wss://yjs.example.com") and processes incoming user-generated document updates and awareness events (doc.on('update', ...) and awareness.on('change')), so untrusted third-party content is ingested and can influence application behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 8, 2026, 04:54 AM
Issues
1