skills/mukul975/anthropic-cybersecurity-skills/analyzing-supply-chain-malware-artifacts/Snyk

analyzing-supply-chain-malware-artifacts

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill's runtime agent (scripts/agent.py) explicitly fetches and parses live package metadata from public, user-generated registries (https://registry.npmjs.org/... and https://pypi.org/pypi/...) which the agent reads as part of its workflow and can influence analysis decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 7, 2026, 06:46 PM

Issues

1