repo-research
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and clones arbitrary public GitHub repositories as part of its workflow (see the SKILL.md sections "批量克隆" (batch clone) and "主题驱动搜索研究模式" (theme-driven search research mode), and the steps calling /find-skills and git clone). Its scripts (search.py, qa.py, architecture.py, quality.py, security.py) read and parse README.md, SKILL.md and source files from those untrusted, user-generated repos, then use that content to generate analyses, LLM answers, and actionable recommendations. Third-party content is therefore ingested and can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill will, at runtime in "theme-driven search" mode, run "/skill-manager install https://skills.sh/vercel-labs/skills/find-skills", which fetches and installs remote skill code that can be executed locally and may influence agent behavior/prompting (https://skills.sh/vercel-labs/skills/find-skills).
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata