skill-factory
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public GitHub content: fetch_github_info.py reads the raw README from raw.githubusercontent.com, and import_github_skill.py uses the GitHub API or git clone to download repository files. SKILL.md Step 2 requires the agent to analyze README content from arbitrary public repos, so untrusted user-generated content can directly influence subsequent actions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The scripts fetch README and repository files at runtime from GitHub/raw URLs (e.g., https://raw.githubusercontent.com////README.md and https://api.github.com/repos/{owner}/{repo}/contents/...). The agent injects and analyzes that fetched content to generate SKILL.md and wrapper code, so remote content can directly influence prompts/instructions and introduce code into the created Skill.