using-skillshub
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and clones arbitrary GitHub repos, gists, and star-list URLs and auto-discovers/installs SKILL.md files from those taps (see SKILL.md "skillshub add ", "skillshub tap add", "add a Gist" and references/architecture.md describing tap cloning and SKILL.md auto-discovery), which are untrusted, user-generated instruction files that the agent is expected to read and that can influence subsequent tool use and behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches SKILL.md files at runtime from external git repos and gists (e.g. skillshub add https://github.com/owner/repo/tree/main/path/to/skill, skillshub add https://gist.github.com/user/<gist_id>, and taps like https://github.com/EYH0602/skillshub), and those fetched SKILL.md files directly control agent instructions, so these runtime URL fetches are a high-confidence risky dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata