sophnet-skill-installer
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill fetches and downloads skill directories from public GitHub (e.g., the default https://api.github.com/repos/DuffyCoder/awesome-sophnet-skills/contents/skills and arbitrary user-supplied owner/repo paths) and then reads SKILL.md metadata and may execute downloaded install scripts (scripts/install-skills.py -> _run_skill_install_script), so untrusted, user-generated content from GitHub is ingested and can directly change behavior and run code.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The installer fetches repositories at runtime from GitHub (e.g. https://codeload.github.com/{owner}/{repo}/zip/{ref} and via git clone URLs like https://github.com/{owner}/{repo}.git or git@github.com:{owner}/{repo}.git) and then executes fetched install scripts (bash/python) from those repos, so remote content is fetched at runtime and can execute code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata