ai-for-science-deepfri
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md Step 1 explicitly instructs downloading pretrained models from a public URL (wget https://users.flatironinstitute.org/.../trained_models.tar.gz) and the provided scripts (convert_weights.py, predict_npu.py) load and act on those HDF5 files and model_config.json from trained_models/, so untrusted third-party content is ingested at runtime and can materially change conversion/prediction behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's runtime setup explicitly clones and downloads external artifacts that are later executed/used (git clone https://github.com/flatironinstitute/DeepFRI.git and wget https://users.flatironinstitute.org/~renfrew/DeepFRI_data/trained_models.tar.gz), so these URLs fetch required remote code/models that will be run by the skill.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata