skills/nsantini/gsdl/gsdl-fetch-source/Snyk

gsdl-fetch-source

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's Step 3 explicitly fetches content from untrusted third-party sources (Linear/Notion/Slite) via MCP tools, direct API calls, or the WebFetch of SOURCE_URL, and Step 4/6 then interprets that content to produce seed.md and project actions the orchestrator will use—so external, user-generated content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill fetches arbitrary user-provided SOURCE_URLs at runtime (e.g., https://www.notion.so/{PAGE_ID}, https://linear.app/{team}/issue/{ISSUE-ID}/..., or via API endpoints such as https://api.notion.com/v1/pages/{PAGE_ID}) and injects the returned content into seed.md which is then used as agent prompts, so remote content can directly control agent instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 12, 2026, 07:22 PM

Issues

2