Skills
skills/growthenginenowoslawski/coldoutboundskills/icp-prompt-builder/Snyk

icp-prompt-builder

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests and scores company data produced by external list-builder skills (domains, descriptions, LinkedIn URLs, etc.) and even scrapes the client's/public website for context (see "Step 1 — Gather ICP context" and "Step 2/Step 4 — Select 10 test companies" / "Run the prompt on the 10 companies"), so untrusted public content is read and used to drive scoring/decisions and could therefore enable indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 30, 2026, 10:21 AM
Issues
1
Security Audit — snyk — icp-prompt-builder