Skills
skills/notque/claude-code-toolkit/wordpress-live-validation/Snyk

wordpress-live-validation

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill autonomously navigates to arbitrary public WordPress URLs (Phase 1: "Navigate to the post URL" via browser_navigate) and then reads and interprets page DOM and visible text (Phase 2 VALIDATE: title, body.innerText, H2s, OG tags, network requests, console messages via browser_evaluate/browser_snapshot/browser_network_requests), meaning untrusted, user-generated web content can directly influence validation outcomes and subsequent tool-driven decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 1, 2026, 05:57 AM
Issues
1