skills/google-gemini/gemini-skills/gemini-api-dev/Snyk

gemini-api-dev

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to fetch the index and documentation pages (e.g., https://ai.google.dev/gemini-api/docs/llms.txt and linked .md.txt pages) as a required fallback when MCP is unavailable, and that fetched content is used to determine API behavior/instructions, so it directly controls the agent's prompts.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 29, 2026, 09:03 PM

Issues

1