Skills
skills/bagelhole/devops-security-agent-skills/saas-security-posture/Snyk

saas-security-posture

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse data from third-party services (e.g., gh api calls to GitHub org installations/hooks, curl calls to Slack admin APIs, and gam queries of Google OAuth tokens and DNS/proxy logs) and to act on those results (revoke tokens, uninstall apps, modify policies), so untrusted/user-generated content from those external APIs could materially influence tool use and decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill contains commands that write files to /usr/local/bin, chmod them, and append a cron job to /etc/cron.d (and reads /var/log/*), which modify system-wide files and require elevated privileges on the host.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 02:05 PM
Issues
2