enonic-sandbox-manager
Warn
Audited by Snyk on Apr 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and installing code/artifacts from public third-party URLs (e.g., "enonic create -r " allowing full GitHub URLs in references/cli-reference.md and examples, "enonic app install --url" in Step 6 and references/examples.md, and the CI template which checks out repo code), so the agent's workflow ingests untrusted user-generated web content that can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes a Linux install command that fetches and pipes a remote shell script to sh (wget -qO- https://repo.enonic.com/public/com/enonic/cli/installer/cli-linux/1.0.0/cli-linux-1.0.0.sh | sh), which clearly executes remote code at runtime as part of installing a required CLI dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata