skills/vercel-labs/academy-skills/filesystem-agents/Snyk

filesystem-agents

Warn

Audited by Snyk on Apr 3, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's Teaching Mode explicitly fetches lesson content from the public Vercel Academy API (e.g., GET https://vercel.com/academy/filesystem-agents/.md) and requires the agent to follow the returned block, so externally-hosted markdown can be read and directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches lesson content at runtime from the Vercel Academy endpoints (e.g. GET https://vercel.com/academy/filesystem-agents/.md and https://vercel.com/academy/filesystem-agents.md) and instructs the agent to follow the returned block, meaning remote content directly controls the agent's instructions during execution.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 3, 2026, 01:34 PM

Issues

2