search
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to use web-search and extraction tools (tavily_search, tavily_extract, tavily_crawl, websearch_web_search_exa, GitHub Grep, zai-zread_search_doc) to fetch and extract content from public sites (e.g., Stack Overflow, blogs, GitHub issues/repos) and then synthesize/cross-validate that content into recommendations, so untrusted third-party content is ingested and can materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses runtime webfetch/extraction (e.g., webfetch("https://raw.githubusercontent.com/{owner}/{repo}/{branch}/{path}")) and Tavily's tavily_extract to fetch raw GitHub/URL content which is injected into the agent context and can directly control prompts/instructions, so this external raw.githubusercontent.com URL pattern is a runtime dependency that can control agent behavior.
Audit Metadata