component-gallery
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill ingests and queries public, user-authored web content (scraped from component.gallery via the crawl_site/firecrawl pipeline in scripts/ingest.py and additional deep-dive markdown fetched from raw GitHub URLs in scripts/ingest.py), and the RAG/query workflow (SKILL.md and scripts/query.py) has the agent read and synthesize that untrusted third‑party content to drive design decisions, which could allow indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The ingest pipeline fetches external markdown at runtime (e.g., https://raw.githubusercontent.com/inbn/component-gallery/main/src/content/componentContent/{filename} and also crawls https://component.gallery/) and uses that fetched content to build the RLAMA RAG collection that will be retrieved into the model context, so remote files can directly control prompts/agent outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata