Workflow Automation Builder
Warn
Audited by Snyk on Apr 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly fetch and parse content from open third-party endpoints: a curl to raw.githubusercontent.com in the Quick Start, and curl calls to Railway's backboard.railway.app/graphql, Vercel's api.vercel.com, and health-check URLs in monitoring jobs. Those responses are then used to set alerts, quality gates, and deployment/rollback logic, so untrusted external content can materially influence the actions the skill takes.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The quick-start installs a workflow by curling a raw GitHub URL (https://raw.githubusercontent.com/your-repo/workflow-templates/main/ci-cd.yml) at runtime. This pulls remote workflow code into CI without any integrity check, so whoever controls that URL controls the instructions CI executes.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata