skills/auth0/agent-skills/auth0-angular/Snyk

auth0-angular

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The skill's automated setup (references/setup.md) explicitly downloads a public install script via curl from raw.githubusercontent.com and suggests running/reviewing it as part of the Quick Setup, which clearly fetches untrusted third‑party content that could change execution behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The setup script downloads and executes a remote installer at runtime (curl ... https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh -> sh /tmp/auth0-install.sh), which fetches and runs remote code required by the skill.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 6, 2026, 04:42 PM

Issues

2