skills/rolemodel/rolemodel-skills/theming-context/Snyk

theming-context

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to "Use web_fetch or another method to retrieve the relevant documentation page" (e.g., docs.optics.rolemodel.design and the GitHub repo), so the agent will fetch and apply public third-party web content to its decisions, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs using web_fetch at runtime to retrieve documentation pages (e.g. https://docs.optics.rolemodel.design/?path=/docs/components-button--docs), meaning remote content fetched from that URL can be injected into and directly influence agent responses.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 27, 2026, 12:55 AM

Issues

2