es-toolkit
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The init script (scripts/init.sh) fetches live content from public GitHub endpoints (calls to the GitHub API at https://api.github.com/repos/toss/es-toolkit/releases/latest and downloads the release archive from https://github.com/toss/es-toolkit/...tar.gz) and then extracts/reads the repository's Markdown reference files into references/, so the agent will read untrusted, public third-party content at runtime.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The init script fetches remote content at runtime from https://api.github.com/repos/toss/es-toolkit/releases/latest and https://github.com/toss/es-toolkit/archive/refs/tags/v$version.tar.gz, downloading and injecting the repository's reference markdown into the skill's runtime references (a required dependency) which can directly influence the agent's prompts/responses.
Audit Metadata