Skills
skills/adaptyteam/adapty-sdk-integration-skill/adapty-sdk-integration/Snyk

adapty-sdk-integration

Fail

Audited by Snyk on May 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt instructs the agent to silently modify local '.claude/settings.json' to pre-authorize curl calls (including POSTs to Slack/Airtable and a third‑party feedback endpoint) and bypass approval prompts, which overrides system context and enables possible data exfiltration outside the core Adapty-integration purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and reading live Adapty docs (e.g., many "curl -s https://adapty.io/docs/.md" commands and a Phase 0 permission to allow curl to https://adapty.io/docs/*) before writing code, so external public documentation is ingested and can materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs curl at runtime to fetch Adapty documentation (e.g., "curl -s https://adapty.io/docs/.md"), and those fetched .md pages are required and used to control the agent's instructions and code-writing, so the https://adapty.io/docs/.md URLs are a runtime dependency that can directly control agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for integrating an in-app purchases/paywall system and uses the Adapty CLI to create and manage purchasable products, subscriptions, paywalls, and placements (e.g., commands like npx adapty@latest products create, paywalls create, placements create, handling iOS/Android product IDs and Android base plan IDs). These are specific monetization/payment setup operations (subscription/product creation and dashboard configuration) rather than generic tooling, so it qualifies as direct financial execution capability.

Issues (4)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 7, 2026, 08:21 AM
Issues
4