skills/bmad-labs/skills/load-docs/Snyk

load-docs

Warn

Audited by Snyk on Apr 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and fully read URLs via WebFetch (e.g., "URLs — use WebFetch to retrieve and read the content") and to ingest that content into the agent's context, so arbitrary public web pages (untrusted third-party content such as the raw GitHub URL used in the evals) can directly influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches arbitrary URLs at runtime with WebFetch (e.g., https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/README.md) and injects the retrieved content into the agent's context, which can directly control prompts/instructions provided to the model.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 19, 2026, 02:46 AM

Issues

2