skills/josiahsiegel/claude-plugin-marketplace/windows-git-bash-compatibility/Snyk

windows-git-bash-compatibility

Warn

Audited by Snyk on Mar 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The deploy-adf.sh workflow explicitly uses curl to download a public script from raw.githubusercontent.com (PrePostDeploymentScript.Ver2.ps1) and then executes it with pwsh to stop/start triggers and control deployments, so untrusted third-party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The deploy-adf.sh script downloads a PowerShell script at runtime from https://raw.githubusercontent.com/Azure/Azure-DataFactory/main/SamplesV2/ContinuousIntegrationAndDelivery/PrePostDeploymentScript.Ver2.ps1 using curl and then executes it with pwsh, which is remote code fetched at runtime and directly executed.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 21, 2026, 03:58 AM

Issues

2