rpgjs
Warn
Audited by Snyk on Apr 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and read live, public documentation (for example https://v5.rpgjs.dev/llms.txt and linked Markdown pages, plus https://canvasengine.net/llms.txt and raw.githubusercontent.com README files) as a mandatory part of its workflow, which brings untrusted third‑party web content into the agent’s decision loop and can materially influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching and following external documentation at runtime (e.g., https://v5.rpgjs.dev/guide/quick-start.md and https://v5.rpgjs.dev/llms.txt), which directly control the agent's instructions and are treated as mandatory dependencies for operation.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata