open-prose
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly supports running and importing remote .prose programs by fetching arbitrary http(s) URLs and registry handles (see "Remote Programs" and "use" resolution to https://p.prose.md/{path}), meaning the agent will fetch and interpret untrusted, user-provided third-party content at runtime.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly allows fetching and executing .prose programs at runtime (e.g., "prose run https://raw.githubusercontent.com/openprose/prose/main/skills/open-prose/examples/48-habit-miner.prose" and resolving registry paths via https://p.prose.md/...), so remote URLs are fetched during execution and their content is run as code and can directly control agent prompts.
Audit Metadata