skills/nuxt-content/nuxt-studio/ai-sdk/Snyk

ai-sdk

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to search and fetch public docs from ai-sdk.dev (e.g., "Search the docs: https://ai-sdk.dev/api/search-docs?q=your_query" and "Fetch those .md URLs directly (e.g. https://ai-sdk.dev/docs/agents/building-agents.md)"), meaning the agent will read and act on open third-party web content that could contain untrusted instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to call https://ai-sdk.dev/api/search-docs?q=your_query and to fetch raw markdown files such as https://ai-sdk.dev/docs/agents/building-agents.md for "plain text content" used to inform responses, which means remote content can directly control the agent's prompts/behavior.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 21, 2026, 01:22 PM