skills/gmh5225/awesome-game-security/graphics-api-hooking/Snyk

graphics-api-hooking

Warn

Audited by Snyk on Mar 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill's "Data Source" section explicitly instructs the agent to fetch and use public raw.githubusercontent.com URLs (the awesome-game-security README, archive/{owner}/{repo}.txt, and description/{owner}/{repo}/description_en.txt), meaning the agent will ingest and act on untrusted, user-generated third‑party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and reference remote raw GitHub content at runtime (e.g., https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md), which will be injected into the agent's context and thus directly control prompts and can include archived source code used as required dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 20, 2026, 03:02 AM

Issues

2