Skills
skills/openant-ai/openant-skills/team-task-dispatch/Snyk

team-task-dispatch

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to poll and read the OpenAnt inbox and related commands (e.g., npx @openant-ai/cli inbox --json, subtasks list, reviewRequests, subtasks submit), which ingest user-generated/untrusted submissions from other users and those contents are explicitly used to decide claiming, working, and approving subtasks, so third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs "npx @openant-ai/cli@latest" which at runtime fetches and executes remote npm package code (https://www.npmjs.com/package/@openant-ai/cli), so the fetched content is a required dependency that executes remote code and therefore presents a runtime remote-code control risk.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 10:47 AM