Skills
skills/chandrashekhar-appointy/bifrost-agent-skills/bifrost-platform/Snyk

bifrost-platform

Warn

Audited by Snyk on Apr 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow and preflight instructions explicitly direct the agent to inspect and clone remote repositories and to run commands like bifrost github repos <installation-id> / bifrost github installations and git remote -v, which cause the agent to fetch and parse user-generated content from GitHub (public or private third‑party repos) and use that content to make deployment and runtime decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 6, 2026, 10:04 AM
Issues
1
Security Audit — snyk — bifrost-platform