microsim-matcher
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's mandatory Step 0 instructs the agent to query the public GitHub repo (via the GitHub API curl to https://api.github.com/repos/dmccreary/claude-skills/... and/or download https://github.com/dmccreary/claude-skills/blob/main/skills/microsim-matcher/references/matching-criteria.md) and Step 3 requires loading that matching-criteria.md to drive scoring and recommendations, meaning untrusted public GitHub content would directly influence tool selection and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs a runtime version check that fetches GitHub data (curl to https://api.github.com/repos/dmccreary/claude-skills/commits?path=skills/microsim-matcher/references/matching-criteria.md&page=1&per_page=1) and offers an auto-update (check-version.py --update / git pull) to download the remote matching-criteria.md, which would directly change the reference content that controls the agent's scoring and instructions.
Audit Metadata