Skills
skills/arcblock/agent-skills/blocklet-server-dev-setup/Snyk

blocklet-server-dev-setup

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill clones and updates public GitHub repositories (e.g., git clone https://github.com/ArcBlock/blocklet-server.git and agent-skills) and explicitly reads/executes SKILL.md files (~/arcblock-repos/blocklet-server/.claude/skills/project-setup/SKILL.md) and also delegates analysis of non-GitHub/user-provided URLs to a URL-analyzer, so it ingests and acts on untrusted public third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones the repository at runtime from https://github.com/ArcBlock/blocklet-server.git (also allowed via git@github.com:ArcBlock/blocklet-server.git) and then reads and executes the repository's project-setup SKILL.md instructions (running installs/starts), so fetched remote content directly controls runtime instructions and execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 03:43 AM