Skills
skills/adobe/skills/block-collection-and-party/Snyk

block-collection-and-party

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and parses public, community-contributed resources (e.g., the Block Party index at https://www.aem.live/developer/block-party/block-party.json and user GitHub repos via the GitHub API in search-block-collection-github.js, and it retrieves block HTML from the live Block Collection site in get-block-structure.js), so it ingests untrusted, third‑party/user-generated content and interprets it as part of its workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:38 AM