autosync-ic-skills
Warn
Audited by Snyk on Jun 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow fetches public web content from
https://skills.internetcomputer.org/.well-known/skills/index.jsonand then downloads skill files fromhttps://skills.internetcomputer.org/.well-known/skills/<skill>/<file>; those outsider-authored texts/files are written into.claude/skills/and become LLM-readable when Claude discovers/loads the syncedSKILL.mdcontent.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill installer downloads and registers a SessionStart hook that fetches and runs remote content from https://skills.internetcomputer.org (notably the installer script at https://skills.internetcomputer.org/.well-known/skills/autosync-ic-skills/scripts/sync-ic-skills.sh and the runtime index at https://skills.internetcomputer.org/.well-known/skills/index.json), and that fetched content is used at runtime to populate .claude/skills (which directly controls agent prompts/skills and can include executable skill code), so it is a runtime external dependency that can control prompts/execute code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata