rulesync

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and installs skills and files from arbitrary public GitHub repositories (see cli-commands.md rulesync fetch and declarative-sources.md / rulesync install), which causes the agent to ingest untrusted, user-generated SKILL.md and repository content that the agent will read and act on, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and installs remote GitHub repositories at runtime, which can supply SKILL.md prompt content (e.g., "rulesync fetch owner/repo" or the declarative source "anthropics/skills"). The install docs also show executing remote code via curl -fsSL https://github.com/dyoshikawa/rulesync/releases/latest/download/install.sh | bash, so external content can directly control prompts or execute code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 09:33 PM