Skills
skills/alien-id/agent-id/alien-agent-id/Snyk

alien-agent-id

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses third‑party web content (e.g., the service manifest at /.well-known/alien-agent-id.json via discover-service and arbitrary pages via service-support as shown in SKILL.md and implemented in lib.mjs), and the manifest's fields (api.base, auth.header/scheme, specUrl, etc.) are used to construct requests and drive subsequent actions, so untrusted third‑party data can materially influence the agent's tool use.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 08:33 PM
Issues
1