Skills
skills/keep-starknet-strange/starknet-agentic/huginn-onboard/Snyk

huginn-onboard

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). High risk: the set includes a direct raw GitHub shell script (install.sh) and an explicit curl | bash quick‑start command from an unknown GitHub repo — executing remote .sh from untrusted sources can run arbitrary malware; the other links (GitHub pages, API) are not direct downloads but support the same risky install flow.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes untrusted public content—e.g., calling the AVNU public API at https://api.avnu.fi/v1/bridge/quote to obtain bridge calldata, curl-ing raw scripts from raw.githubusercontent.com for install, and accepting ipfs:// metadata URLs—which the agent is expected to read and act on, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly instructs the agent to move and manage crypto funds: it uses the AVNU bridge API to get a quote and execute a bridge transfer, requires the agent to have ETH/USDC and be able to sign transactions, and shows how to deploy accounts and send on-chain calls (register_agent, log_thought). These are direct crypto/blockchain operations (wallet signing, swaps/bridging, transaction execution), i.e., explicit financial execution capability.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 03:06 AM