skills/kilo-org/kilo-marketplace/add-remote-skill/Snyk

add-remote-skill

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill clones and sparse-checkouts content from public GitHub URLs (see "Workflow" and "Script Details" in SKILL.md and bin/add-remote-skill.ts), reads SKILL.md and repository files from those untrusted repos, and uses that content to populate metadata and drive the add/installation workflow, so remote, user-generated content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill runs at runtime to clone GitHub URLs (e.g., https://github.com/vercel-labs/agent-skills/tree/main/skills/claude.ai/web-design-guidelines), and the fetched SKILL.md and skill code become required runtime content that can directly control agent prompts/behavior, so this is a high-risk external dependency.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 28, 2026, 06:38 AM