Skills
skills/ralph-loop/claude-skills-secnews/secnews/Snyk

secnews

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 1) uses WebFetch to load a public feed registry from https://raw.githubusercontent.com/ralph-loop/claude-skills-secnews/master/secnews_feeds.md and (Step 3) then fetches and parses RSS feeds (including community sources like Reddit) from those open/public URLs, and the agent must read/interpret that untrusted, user-generated third-party content to decide which items are "critical" and what summaries/actions to produce, allowing indirect prompt injection to influence behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 05:06 AM