prd-workflow
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's automated workflow explicitly fetches Confluence pages (e.g., https://company.atlassian.net/wiki/spaces/PLAN/pages/12345678) and Figma design URLs (e.g., https://www.figma.com/design/example/ID?node-id=1-1&m=dev) at runtime and injects the retrieved content into the PRD-generation prompt, meaning those external URLs can directly control the agent's instructions.
Audit Metadata