Skills
skills/hack23/riksdagsmonitor/github-agentic-workflows/Snyk

github-agentic-workflows

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly enables fetching public web content (tools: web-fetch, web-search and custom-mcp/MCP gateway) and includes required workflows that read and act on external/public GitHub/raw URLs and repository files (e.g., "tools: web-fetch/web-search", "gh aw add https://github.com/...", and the mandatory "Step 5: Translate Swedish Content" where an LLM reads and translates HTML files), so untrusted, user-generated third‑party content is ingested and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to "Create a workflow ... using https://raw.githubusercontent.com/github/gh-aw/main/create.md", which is a runtime fetch of raw content that would be injected into agent instructions and thus can directly control prompts — this remote raw GitHub URL is a high-confidence runtime dependency.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 4, 2026, 11:09 PM