gh-aw-workflow-authoring
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Dependency Update Review" workflow example in SKILL.md explicitly lists tools: web-fetch and instructs the agent to check public sources (npm audit, GitHub advisory database, Snyk or similar) — i.e., fetching and interpreting untrusted public web content that directly influences merge/security recommendations and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The workflow's compile job installs and runs a remote npm package ("npm install -g @github/agentic-workflows-compiler" — https://www.npmjs.com/package/@github/agentic-workflows-compiler) and pulls the actions/checkout@v4 action (https://github.com/actions/checkout), both of which fetch and execute remote code at runtime and are required for the compilation step.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).