eas-workflows
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required workflow fetches public web content at runtime (Expo’s JSON schema and MDX syntax/docs via
node <skill-dir>/scripts/fetch.js <url>andscripts/validate.jscallingfetchCached), and that fetched free-form text/JSON is then parsed and used to generate/validate responses in the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill fetches the runtime schema and docs (notably https://api.expo.dev/v2/workflows/schema and the raw.githubusercontent.com MDX URLs) via scripts/fetch.js and scripts/validate.js, and that fetched content is used as the authoritative source to validate workflows and to derive answers, so remote content directly controls agent outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata