security-scanner
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs running scanners against arbitrary public targets and fetching remote resources (e.g., "trivy repo https://github.com/user/repo", Nuclei/ZAP scans of https://target.example.com, and "kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml"), which clearly causes the agent/tooling to ingest untrusted, third‑party content that can materially change actions or execution.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains a direct install command that fetches and pipes a remote shell script to the shell (curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin), which executes remote code at runtime as a required installation step for Trivy.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata