Skills
skills/laurigates/claude-plugins/claude-blog-sources/Snyk

claude-blog-sources

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's Research Workflow and Monthly Article Review Process explicitly instruct the agent to WebFetch blog pages (e.g., "WebFetch: https://www.claude.com/blog/{article-slug}" and "Fetch Blog Index: https://www.claude.com/blog/") and to extract guidance that can change CLAUDE.md, create skills, or alter behavior, meaning it ingests public third‑party web content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs WebFetch at runtime against the Claude blog (e.g., https://www.claude.com/blog/ and https://www.claude.com/blog/{article-slug}) and then injects the fetched article content into prompts for extracting guidance, so external content directly controls agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 07:05 PM