skills/caffeinelabs/skills/http-outcalls/Snyk

http-outcalls

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). This skill's backend outcall module (mo:caffeineai-http-outcalls/outcall) explicitly allows making HTTP GET/POST requests to arbitrary URLs and passes the HTTP response into the provided transform callback (shown in SKILL.md), so the agent will read and act on untrusted public web content that could contain injected instructions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 29, 2026, 05:39 PM

Issues

1

Security Audit — snyk — http-outcalls