Skills
skills/evolv3ai/claude-skills-archive/mockoon-cli/Snyk

mockoon-cli

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's CLI explicitly accepts remote URLs as --data/--input (e.g., "mockoon-cli start --data https://example.com/mock-data.json" in SKILL.md and references/commands.md), so the agent would fetch and load untrusted public JSON/OpenAPI files that directly control runtime behavior (responses, templating, callbacks), enabling indirect prompt-injection-like influence.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:49 AM