Skills
skills/diverta/kuroco-skills/kuroco-admin-api-browser/Snyk

kuroco-admin-api-browser

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow explicitly fetches and parses dynamic, login-protected pages from arbitrary Kuroco management sites (notably /llms.txt and /direct/rcms_api/llms/?mt=...) and ingests those third-party / user-editable API/docs pages to decide which API calls to make, allowing content on those pages to materially influence agent actions as described in SKILL.md Step 3/3.5 and the advise/discover flows.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching the site-generated llms.txt at runtime (e.g. https://{site_key}.{env}.kuroco-mng.app/direct/rcms_api/llms/ and related runtime admin_api endpoints such as https://{site_key}.{env}.kuroco-mng.app/direct/rcms_api/admin_api/?MODE=advise), and those responses are read and used to determine the agent's API calls and instructions, so remote content directly controls agent behavior and is a required dependency.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 06:46 AM