Skills
skills/simhacker/moollm/skill-snitch/Snyk

skill-snitch

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's FETCH-SCAN and related protocols explicitly accept and fetch arbitrary external URLs (e.g., "User provides any URL: GitHub repo, directory, file, blog post... Fetch via raw.githubusercontent.com" and "read the blog, follow links, scan what you find"), meaning the agent will read and interpret untrusted, user-provided web content as part of its workflow, creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The FETCH-SCAN protocol explicitly fetches remote skill files at runtime (e.g., via raw.githubusercontent.com) and injects those fetched files into the LLM context for analysis, which means external content from https://raw.githubusercontent.com is used at runtime to directly control prompts/behaviour and is a required dependency of the feature.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 11:35 AM