skills/agentconnect/awiki-cli/awiki/Snyk

awiki

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The installation workflow explicitly instructs fetching code from public GitHub/Gitee URLs (references/00-installation.md: "npx skills add https://github.com/AgentConnect/awiki-cli.git" and the Gitee equivalent), which requires the agent to download and ingest untrusted, user-hosted repository content that can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill instructs runtime installation using remote git repositories that will be fetched and executed (e.g., via "npx skills add https://github.com/AgentConnect/awiki-cli.git" and the Gitee mirror "https://gitee.com/agentconnect/awiki-cli.git"), which means external code is pulled at runtime and can directly control behavior.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 29, 2026, 12:46 PM

Issues

2