Skills
skills/chasebuild/agent-skills/rust-skill-creator/Snyk

rust-skill-creator

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public documentation from arbitrary URLs (e.g., agent-browser/WebFetch calls to https://docs.rs/{crate}/..., https://doc.rust-lang.org/..., and user-provided URLs via /create-llms-for-skills), so untrusted third‑party content is read and used to generate skills and drive subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill explicitly fetches documentation at runtime from URLs like https://docs.rs/{crate}/latest/{crate}/ and https://doc.rust-lang.org/std/... (via /create-llms-for-skills, agent-browser open, and WebFetch) and uses the fetched content to generate llms.txt and SKILL.md that directly drive the agent's prompts/behavior, so these external pages are runtime dependencies that can control instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 11:44 AM