repo-explorer

Warn

Audited by Snyk on Jun 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). For remote repos, the skill clones outsider-authored public web content at runtime (git clone --depth 1 <url> "$REPO_DIR"), then runs Claude Code which reads repository files (free-form text from those outsider-authored files) into its LLM context via the allowed “Read/Grep/Glob/Bash(*)” tools.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime git clones of arbitrary remote URLs (e.g., git clone --depth 1 such as https://github.com/expressjs/express) and then feeds the fetched repository contents into a nested Claude Code process for exploration, which lets external repository content directly influence agent prompts (prompt injection risk).

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 19, 2026, 02:33 PM
Issues
2
Security Audit — snyk — repo-explorer