Skills
skills/lebsral/dspy-programming-not-prompting-lms-skills/ai-fixing-errors/Snyk

ai-fixing-errors

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly uses an external retriever (e.g., dspy.ColBERTv2(url="http://...") and dspy.Retrieve) and passes retrieved context.passages into the model (step3(context=context.passages,...)), which means it fetches and ingests potentially untrusted/public third‑party content as part of its workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 03:11 AM