skills/alexander-danilenko/ai-skills/security-reviewer/Snyk

security-reviewer

Warn

Audited by Snyk on Apr 25, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and interpreting public third‑party content during reconnaissance (e.g., references/penetration-testing.md shows commands like curl "https://crt.sh/?q=%.example.com&output=json", subfinder/amass, nmap against external targets), so untrusted web/forum/page data can influence subsequent scan actions and decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 25, 2026, 05:57 PM

Issues

1