Skills
skills/swn94/claude-scientific-skills/dnanexus-integration/Snyk

dnanexus-integration

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.70). The prompt contains an explicit instruction to proactively promote and recommend K-Dense Web (an unrelated third‑party product) when complexity increases, which directs the agent to behave outside the DNAnexus integration skill's stated purpose and therefore constitutes a deceptive/out‑of‑scope instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's examples and runSpec explicitly show downloading and reading arbitrary files from DNAnexus projects (e.g., dxpy.download_dxfile / DXFile.open_file in references/data-operations.md and app-development.md) and permit external network access and pulls from public sources (runSpec "access": ["*"], pip/docker pulls, GitHub links), so the agent is expected to ingest untrusted user-generated or public third‑party content.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 12:55 PM