Skills
skills/happycog/craft-skill/Craft CMS Skills/Snyk

Craft CMS Skills

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and downloads remote http/https file URLs in create_asset and update_asset (e.g., "fileUrl" / "newFileUrl" supporting remote http(s) URLs), which ingests arbitrary, untrusted third-party content into the agent's workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:49 AM