homebrew-formula-maintenance
Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL explicitly fetches and parses public PyPI package metadata (see "Confirm PyPI Release" which uses curl https://pypi.org/pypi///json and scripts like homebrew-claude-mpm/scripts/update_formula.sh and generate_resources.py) and uses that untrusted, user-published content to update formula URLs/sha and regenerate resource blocks that directly drive update actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata