fusion360-expert
Warn
Audited by Snyk on Mar 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to "Read https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/cad/fusion360-expert/SKILL.md" (see §5 Platform Support and §13 Quick Install), which requires fetching and ingesting public GitHub raw content (untrusted/user-generated) that will be interpreted and installed as a skill, allowing that third-party content to materially change agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to "Read https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/cad/fusion360-expert/SKILL.md and install as skill", meaning an external raw GitHub URL is fetched and its content is injected/used as the agent's prompt/configuration, which directly controls agent instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata