Skills
skills/tristanmanchester/agent-skills/fabric-api/Snyk

fabric-api

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and OpenAPI (fabric-api.yaml) explicitly instruct the agent to call Fabric API endpoints (e.g., POST /v2/search, POST /v2/resources/filter, GET /v2/resources/{resourceId}, GET /v2/resources/{resourceId}/comments, POST /v2/notepads) to read user-created notepads, bookmarks, comments and other workspace content from https://api.fabric.so, which are untrusted user-generated third‑party contents the agent will ingest and that could materially influence subsequent actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 06:53 PM