rtk
Warn
Audited by Snyk on Apr 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's installation workflow explicitly fetches and executes public GitHub content (see scripts/install.sh which curls https://raw.githubusercontent.com/${REPO}/.../install.sh and also supports cargo install --git https://github.com/${REPO}), and SKILL.md directs running bash scripts/install.sh and rtk init which can pull and install prompt files/plugins that materially affect agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The install script explicitly fetches and executes remote code at runtime (curl -fsSL https://raw.githubusercontent.com/akillness/rtk/refs/heads/master/install.sh | sh) and the installer also supports pulling and building code via git (cargo install --git https://github.com/akillness/rtk), so these URLs are runtime dependencies that execute remote code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata