skill-evaluator
Warn
Audited by Snyk on Apr 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and parsing SKILL.md and related files from public third‑party sources (skills.sh pages, raw.githubusercontent.com / GitHub repos, SkillHub/ClawHub and the GitHub API) and using that untrusted, user‑generated content to drive security assessments and installation decisions, so those external pages can materially influence agent actions and enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches SKILL.md and referenced files at runtime from external locations (e.g. https://raw.githubusercontent.com/{owner}/{repo}/.../SKILL.md and https://skills.sh/{owner}/{repo}/{skill-name}) and then reads/executes scripts or follows those instructions, so remote content can directly control agent prompts or trigger code execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata