Skills
skills/arvindand/agent-skills/github-navigator/Snyk

github-navigator

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and clones public GitHub repositories (e.g., SKILL.md's "Deep Analysis Mode" clone to /tmp and numerous gh api examples like gh api repos/OWNER/REPO/contents/PATH), causing the agent to read and interpret untrusted, user-generated content from github.com as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill clearly performs runtime fetches of arbitrary repository content (e.g., via git clone https://github.com/OWNER/REPO.git and gh api repos/OWNER/REPO/contents/PATH) which are pulled into the agent’s context for analysis and thus can directly influence prompts/behavior and introduce remote code/content the skill depends on.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 08:30 PM