Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's mandatory "CRITICAL: Search Before Writing" in SKILL.md requires the agent to search and ingest external public sources for facts and citations, and the html_to_pdf.js and routes/html.md explicitly allow loading third-party resources (e.g., paged.polyfill.js from unpkg CDN, KaTeX/Mermaid/web fonts via CDN) so the agent will fetch and interpret open/public web content that can influence document content and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running a remote installer via "curl -fsSL https://drop-sh.fullyjustified.net | sh" for Tectonic (executes fetched code), and its HTML converter may inject and execute Paged.js from "https://unpkg.com/pagedjs@0.4.3/dist/paged.polyfill.js" at runtime if the local bundle is absent—both are runtime fetches that execute remote code the skill relies on.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata