clay-to-deepline
Warn
Audited by Snyk on Apr 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill clearly ingests untrusted public content — e.g., HAR/bulk-fetch-records and Clay workbook fetches (Phase 1 §1.5) plus web research via exa_search / apify (references/binary-search-optimizer.md, clay-action-mappings.md) — and explicitly uses those recovered prompts and web results as inputs that drive LLM prompts, gating logic, and follow-up tool actions, which allows indirect prompt-injection from third‑party pages.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches Clay API endpoints at runtime (e.g., GET https://api.clay.com/v3/tables/{TABLE_ID} and POST https://api.clay.com/v3/tables/{TABLE_ID}/bulk-fetch-records), and uses the returned bulk-fetch/portableSchema prompt text verbatim to build agent prompts, so these URLs directly control prompts and are required for the migration flow.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata