skills/theneoai/awesome-skills/vmware-engineer/Snyk

vmware-engineer

Warn

Audited by Snyk on Mar 31, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The Platform Support section explicitly instructs the agent to "Read [URL] and install" from a public raw.githubusercontent.com URL (https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/enterprise/vmware/vmware-engineer/SKILL.md), meaning the agent will fetch and install external, publicly-hosted user-controlled content that can directly change its system prompt/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The Platform Support entries instruct the agent to "Read [URL] and install"—specifically https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/enterprise/vmware/vmware-engineer/SKILL.md—so at runtime the agent would fetch remote raw GitHub content that directly provides system-prompt instructions controlling the agent's behavior.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 31, 2026, 06:24 AM

Issues

2