axiom-apple-docs
Warn
Audited by Snyk on May 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's research doc (skills/apple-docs-research.md) explicitly instructs using the Chrome browsing tool to navigate and read WWDC pages on developer.apple.com and to fetch documentation from the third‑party sosumi.ai site (e.g., https://developer.apple.com/videos/play/... and https://sosumi.ai/documentation/...) so the agent reads and acts on public web transcripts/docs as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to navigate/fetch external content (e.g., https://developer.apple.com/videos/play/wwdc2025/278/ and https://sosumi.ai/documentation/...) and to read that fetched markdown/transcript into the agent's context to drive responses, so these URLs are runtime dependencies that directly control prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata