Skills
skills/bgauryy/octocode-mcp/octocode-search-skill/Snyk

octocode-search-skill

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads public GitHub SKILL.md files and repo contents via Octocode MCP calls (githubSearchCode, githubSearchRepositories, githubViewRepoStructure, githubGetFileContent) to search, preview, and install skills, meaning untrusted, user-generated GitHub content can be interpreted and used to drive searches and install actions (see SKILL.md and INSTALL_REFERENCE.md workflows).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill calls githubGetFileContent at runtime to fetch SKILL.md files (e.g. https://github.com///blob///SKILL.md), and those fetched files are injected into the agent's responses and used to drive installs, so remote GitHub content can directly control prompts/install behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 03:56 PM
Issues
2