Skills
skills/antithesishq/antithesis-skills/antithesis-triage/Snyk

antithesis-triage

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly navigates to arbitrary Antithesis report and log URLs (e.g., "https://$TENANT.antithesis.com/..." per SKILL.md), injects a runtime into those pages and downloads/reads report DOM and log files via assets/download-logs.sh and the antithesis-triage runtime, thereby ingesting untrusted, user-generated third‑party content that directly influences triage decisions and subsequent tool actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 12:12 PM
Issues
1