init-repo
Warn
Audited by Snyk on Apr 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly uses WebFetch to retrieve untrusted public content (e.g., license texts from https://raw.githubusercontent.com/Nathan13888/nice-skills/master/data/licenses/{SPDX-ID} and .gitignore templates from https://raw.githubusercontent.com/github/gitignore/...) as required steps in the workflow and then reads/uses that content to create files and drive subsequent actions, so third-party content could indirectly inject instructions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata