Skills
skills/erezrokah/skills/you-dont-need-isr/Snyk

you-dont-need-isr

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's Phase 3 explicitly requires live WebFetch of public third-party pages (e.g., https://www.ubicloud.com/use-cases/github-actions and Vercel docs/pricing URLs) and parses that external content to compute build-cost projections that influence recommendations, so it clearly ingests untrusted public web content as part of its workflow.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 08:22 AM
Issues
1