pencil-design
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly tells the agent to fetch and open the skill documentation from public CDNs (e.g., https://unpkg.com/@pencil.dev/cli@latest/SKILL.md and https://cdn.jsdelivr.net/npm/@pencil.dev/cli@latest/SKILL.md), which are open/public third‑party sources the agent is expected to read and act on as part of its workflow, allowing indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to fetch the SKILL.md at runtime via URLs such as https://unpkg.com/@pencil.dev/cli@latest/SKILL.md (and the jsDelivr mirror https://cdn.jsdelivr.net/npm/@pencil.dev/cli@latest/SKILL.md) using curl, and that fetched document would be ingested as the skill's instructions (directly controlling agent behavior), which is a runtime dependency capable of changing prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata