Skills
skills/fredm00n/framerlabs/framer-code-components-overrides/Snyk

framer-code-components-overrides

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's documentation explicitly instructs importing code and assets from open CDN/HTTP sources (e.g., SKILL.md "NPM Package Imports" using https://esm.sh/package-name and references/patterns.md importing "https://framer.com/m/framer/store.js@^1.0.0" and framerusercontent.com placeholder media URLs), which means runtime components ingest third‑party web content that could materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill includes an explicit runtime import that would fetch and execute remote JavaScript — e.g. import { createStore } from "https://framer.com/m/framer/store.js@^1.0.0" — which is a required dependency in the Shared State example and therefore executes external code at runtime.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 02:36 PM
Issues
2