Skills
skills/databricks-solutions/vibe-coding-workshop-template/skill-freshness-audit/Snyk

skill-freshness-audit

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md "Full Audit (per skill)" and "Upstream Source Audit" workflows explicitly tell the agent to read verification_sources from skill frontmatter and WebFetch those public URLs (e.g., docs.databricks.com, mlflow.org) and raw GitHub URLs (https://raw.githubusercontent.com/...) and then compare and act on the results, which clearly exposes the agent to external, user-hosted content that can influence follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs at runtime to fetch upstream content from raw GitHub URLs (e.g. https://raw.githubusercontent.com/databricks-solutions/ai-dev-kit/main/{path}), and that fetched SKILL.md/doc content is used as verification anchors to drive drift detection and (via the self-improvement workflow) potential automated updates—meaning remote content can directly influence agent prompts/instructions and update behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 8, 2026, 02:34 AM