skills/xingyu4j/skills/inspira-ui/Snyk

inspira-ui

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to fetch and browse public pages (e.g., https://inspira-ui.com/docs/llms-full.txt and https://inspira-ui.com/components), so the agent will ingest and act on open third‑party website content that can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly tells the user/agent to fetch https://inspira-ui.com/docs/llms-full.txt at runtime — an "LLM-optimized" remote document that would be injected/used in the agent context and could directly control prompts or behavior.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 4, 2026, 07:34 AM