homebrew-formula-maintenance

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL explicitly fetches and parses public PyPI package metadata (see "Confirm PyPI Release" which uses curl https://pypi.org/pypi///json and scripts like homebrew-claude-mpm/scripts/update_formula.sh and generate_resources.py) and uses that untrusted, user-published content to update formula URLs/sha and regenerate resource blocks that directly drive update actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 02:20 PM
Issues
1
Security Audit — snyk — homebrew-formula-maintenance