ecosystem-authoritative-sources
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Dynamic Specification Fetching pattern (L4-pattern-definitions/dynamic-specification-fetching.md) explicitly instructs the agent to WebFetch live documentation from raw GitHub URLs (e.g., raw.githubusercontent.com) at execution time and to base function signatures on that fetched content, which is public, untrusted third‑party content the agent will read and use to drive decisions and tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The Dynamic Specification Fetching pattern explicitly instructs the agent at runtime to WebFetch and base its implementation on the external spec at https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md, meaning fetched content would directly control agent prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata