apiary
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs the agent to fetch user-generated Apiary content (e.g., "Get API Blueprint", "Fetch Styleguide Assertions") and to proxy arbitrary Apiary API requests via "membrane request", meaning the agent will ingest third‑party (potentially untrusted) documentation that could influence subsequent actions.
Audit Metadata