skills/bankrbot/skills/Frontend Playbook/Snyk

Frontend Playbook

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.95). The required workflow uses curl -s https://ethskills.com/frontend-playbook/SKILL.md at runtime, which fetches public web content (outsider-authored) and makes it LLM-readable prose for the agent.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The catalog instructs runtime fetching of remote instructions via "curl -s https://ethskills.com/frontend-playbook/SKILL.md" and tells agents to "Read https://ethskills.com/frontend-playbook/SKILL.md before deploying", so content from https://ethskills.com/frontend-playbook/SKILL.md is fetched at runtime and directly controls agent behavior and is a required dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 19, 2026, 01:18 PM

Issues

2

Security Audit — snyk — Frontend Playbook