skills/alekseiul/sprut-agent-kit/audit-website/Snyk

audit-website

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). SKILL.md's "Сбор данных" step explicitly instructs the agent to run web_fetch URL and browser action=open targetUrl=URL (and snapshot the DOM) to fetch and analyze arbitrary public websites, meaning the agent will read untrusted third‑party content which can materially influence audit decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 16, 2026, 05:28 PM

Issues

1

Security Audit — snyk — audit-website