wear-compose-m3
Warn
Audited by Snyk on Jul 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md mandates downloading and extracting
compose-*-{VERSION}-samples-sources.jarfrom Google Maven at runtime (network-fetched outsider-authored source code), then reading the extracted.ktfiles into the agent’s context as “source of truth”.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to fetch and extract Google Maven artifacts (which are required before implementing code) from the URLs https://dl.google.com/dl/android/maven2/androidx/wear/compose/compose-material3/maven-metadata.xml and https://dl.google.com/dl/android/maven2/androidx/wear/compose/compose-{ARTIFACT}/{VERSION}/compose-{ARTIFACT}-{VERSION}-samples-sources.jar, so remote content directly controls the agent's implementation decisions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata