paw-mkt-pricing
Warn
Audited by Snyk on Apr 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Research Mode and workflow explicitly instruct the agent to use agent-browser to open and scrape live competitor pricing pages and social media (e.g., SKILL.md "agent-browser --session pricing-research open https://{competitor-domain}/pricing" and references/shared-patterns.md LinkedIn/Twitter/Facebook examples), so untrusted public third-party content is ingested and used to drive pricing decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime setup instructs installing and running code from https://github.com/vercel-labs/agent-browser (via "npx skills add https://github.com/vercel-labs/agent-browser"), which fetches and executes remote code and is relied on as a required research tool, meeting the criteria for a runtime external dependency that can execute code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata