dotnet-new-lib-slnx
Warn
Audited by Snyk on Apr 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly fetches and interprets public, user-controllable data (e.g., the .NET releases index at https://raw.githubusercontent.com/dotnet/core/refs/heads/main/release-notes/releases-index.json, the NuGet V3 service at https://api.nuget.org/v3/index.json, and the Docker Hub tags API) to choose target frameworks, resolve package versions, and validate Docker tags—external content that directly influences tool decisions and generation behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches the .NET releases index at https://raw.githubusercontent.com/dotnet/core/refs/heads/main/release-notes/releases-index.json at runtime to compute default target frameworks and quick-pick options, so remote content directly controls the agent's prompts/choices and is relied on for correct behavior.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata