snyk
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install the 'snyk' package via npm ('npm install -g snyk'). Because the 'snyk' organization is not listed as a trusted source, this is categorized as an unverifiable dependency installation.
- [PROMPT_INJECTION] (HIGH): The skill describes an architecture vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: The 'snyk test' and 'snyk monitor' commands process external data from source code, dependency manifests, and container images (SKILL.md).
- Boundary markers: Absent. There are no instructions or delimiters provided to assist the agent in distinguishing legitimate scan results from malicious instructions embedded within the scanned files.
- Capability inventory: The skill includes the 'snyk fix' command, which grants the agent the authority to modify the local filesystem based on the findings from untrusted external data (SKILL.md).
- Sanitization: Absent. There is no mention of validating or sanitizing the output of the scanning tools before the agent processes or acts on it.
- Assessment: The combination of processing untrusted data and having file-write permissions creates a high-risk scenario where an attacker could execute a prompt injection attack via the source code being scanned.
Recommendations
- AI detected serious security threats
Audit Metadata