claude-sdk

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow can include WebFetch/WebSearch (public web content) and MCP servers (e.g., GitHub/Slack/Drive or other third-party/community servers), whose fetched/returned free-form text is ingested into the agent’s LLM context via tool outputs; this is an outsider-source path enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The MCP server configuration in the skill runs external packages at runtime (e.g., "npx -y @modelcontextprotocol/server-github" and "docker run mcp-postgres-server"), which will fetch and execute remote code and can expose tool definitions that directly affect agent behavior (see the referenced MCP site https://modelcontextprotocol.io).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill's documentation explicitly references payment-related integrations and tools: it lists Stripe as an example MCP server (a payment gateway) and includes a test/integration example asserting "process_payment" in tool_calls. Those are specific, finance-focused APIs/tools that enable sending/processing payments (i.e., moving money). Although the SDK is general-purpose, the presence of explicit payment gateway integration and a payment-processing tool constitutes direct financial execution capability.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 09:38 AM
Issues
3
Security Audit — snyk — claude-sdk