Skills
skills/anntnzrb/agents/grep-app/Snyk

grep-app

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the public grep.app API (default https://grep.app/api/search) to fetch HTML snippets of public GitHub code (untrusted, user-generated content) as shown in SKILL.md, reference.md, and scripts/grep-app.sh, and those results are intended to be read/parsed by the tool and could therefore contain instructions that influence subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 01:28 PM
Issues
1