cicd-workflows
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests live content from public third-party endpoints (e.g., https://api.expo.dev/v2/workflows/schema and raw files on https://raw.githubusercontent.com/expo/expo/...), and the agent is expected to read and use that untrusted public content when generating and validating workflows.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches required runtime resources—https://api.expo.dev/v2/workflows/schema and the two raw GitHub URLs (https://raw.githubusercontent.com/expo/expo/refs/heads/main/docs/pages/eas/workflows/syntax.mdx and https://raw.githubusercontent.com/expo/expo/refs/heads/main/docs/pages/eas/workflows/pre-packaged-jobs.mdx)—and uses their contents as the authoritative source to drive schema validation and workflow generation, meaning external content directly controls the agent's outputs.
Audit Metadata