effect-ts
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to clone and examine third‑party source code from the public GitHub repo (git clone https://github.com/Effect-TS/effect.git into ~/.effect and inspect ~/.effect/packages/effect/src/) and links other external GitHub content (e.g., effect-atom), so the agent will fetch and interpret untrusted public web content that can materially influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires cloning the Effect source at runtime with "git clone https://github.com/Effect-TS/effect.git ~/.effect", and the fetched repository is used as a required runtime dependency to inform the agent's guidance (i.e., it directly controls prompts/behavior).