novartis-engineer
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill's "Platform Support" and "How to Use This Skill" sections explicitly instruct the agent to fetch and "Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/healthcare/novartis/novartis-engineer/SKILL.md" (a public GitHub/raw URL), meaning the agent will ingest untrusted third‑party content that can change its behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime platforms to "Read" and apply the raw GitHub SKILL.md, meaning the URL https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/healthcare/novartis/novartis-engineer/SKILL.md is fetched at runtime and its content would directly control the agent's system prompt/instructions.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata