Skills
skills/zjy365/seakills/cloud-native-readiness/Snyk

cloud-native-readiness

Warn

Audited by Snyk on Apr 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and clones arbitrary GitHub URLs ("Usage" in SKILL.md: "/cloud-native-readiness # Clone and assess") and then mandatorily reads and interprets the repository contents as part of modules/assess.md and modules/detect.md to decide actions (including invoking dockerfile-skill), so untrusted third-party repo content can directly influence tool use and decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 1, 2026, 08:16 AM
Issues
1