repo-explorer
Warn
Audited by Snyk on Jun 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). For remote repos, the skill clones outsider-authored public web content at runtime (
git clone --depth 1 <url> "$REPO_DIR"), then runs Claude Code which reads repository files (free-form text from those outsider-authored files) into its LLM context via the allowed “Read/Grep/Glob/Bash(*)” tools.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime git clones of arbitrary remote URLs (e.g., git clone --depth 1 such as https://github.com/expressjs/express) and then feeds the fetched repository contents into a nested Claude Code process for exploration, which lets external repository content directly influence agent prompts (prompt injection risk).
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata