spacetimedb-reducers
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Scheduling Procedures" examples (references/functions-reducers.md and SKILL.md) show inserting user-provided URLs into a schedule table (fetch_schedule) and a procedure (fetch_external_data / ctx.http.get or ctx.http.fetch) that fetches and processes those arbitrary URLs, exposing the agent to untrusted third-party content.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).