qa-testing
Warn
Audited by Snyk on Apr 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and interacts with arbitrary HTTP web apps via cmux_browser (e.g., "cmux_browser({ action: 'open', url: 'http://localhost:3000' })" and navigation steps) and injects a third‑party CDN script for axe-core from https://cdnjs.cloudflare.com in the Accessibility Audit step, meaning untrusted public content/JS is fetched and its results are read and used to drive testing and reporting.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill injects and executes remote JavaScript at runtime from https://cdnjs.cloudflare.com/ajax/libs/axe-core/4.10.2/axe.min.js to run the accessibility audit (axe.run()), which is remote code fetched and executed as part of the workflow.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata