skills/kunhai-88/skills/ai-sdk/Snyk

ai-sdk

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs fetching and reading public .md documentation URLs (e.g., requesting pages like https://ai-sdk.dev/docs/agents/building-agents.md) from the open web, meaning the agent will ingest untrusted third-party content that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of external Markdown via https://ai-sdk.dev/api/search-docs?q=... and directly requesting returned .md URLs (e.g. https://ai-sdk.dev/docs/agents/building-agents.md) to obtain text used for current API/examples, which can directly control agent prompts/instructions.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 17, 2026, 07:35 AM