skills/bankrbot/skills/Frontend UX/Snyk

Frontend UX

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). At runtime the skill’s install/setup uses curl -s https://ethskills.com/frontend-ux/SKILL.md to fetch readable text from a public web page, which is outsider-authored free text that can be ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The catalog's install.command and setup explicitly instruct fetching and reading https://ethskills.com/frontend-ux/SKILL.md at runtime (via curl and "Tell your agent: 'Read https://ethskills.com/frontend-ux/SKILL.md before building UI'"), so external content can directly control agent prompts/instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 19, 2026, 01:18 PM

Issues

2

Security Audit — snyk — Frontend UX