skills/agents-inc/skills/cli-framework-oclif-ink/Snyk

cli-framework-oclif-ink

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The SKILL explicitly documents oclif plugin support and runtime plugin installation (SKILL.md / examples/advanced.md Pattern 5: "mycli plugins install ...", host CLI registers user-installable plugins), which fetches and loads untrusted third-party npm packages that can change CLI behavior and thus could enable indirect prompt-injection.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 7, 2026, 01:33 AM

Issues

1