devcontainer-setup
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's install script (templates/snowflake-ai-tools/install.sh) directly downloads and executes third-party installers from public URLs (https://astral.sh/uv/install.sh, https://claude.ai/install.sh, and https://ai.snowflake.com/static/cc-scripts/install.sh) as part of the required setup, allowing untrusted external code to modify installed CLIs and thus materially influence later tool use and agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The feature's install.sh is executed at runtime and performs curl | sh/bash on external scripts (https://astral.sh/uv/install.sh, https://claude.ai/install.sh, and https://ai.snowflake.com/static/cc-scripts/install.sh), which fetch and execute remote code and are included by default in the snowflake-ai-tools feature.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata