skills/jamie-bitflight/claude_skills/external-pattern-integrator/Snyk

external-pattern-integrator

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches arbitrary external URLs ("If URL: Use WebFetch or curl to download to /tmp/external-pattern-{slug}.md" in Phase 1.2) and then reads and interprets the full external source to drive edits, enhancements, and commits (Phase 2.2), which exposes the agent to untrusted third-party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). During runtime the skill explicitly fetches external URLs via WebFetch/curl (e.g., https://github.com/glittercowboy/get-shit-done/blob/main/agents/gsd-codebase-mapper.md) and injects the fetched content into its analysis/editing workflow, allowing remote content to directly influence agent prompts and behavior.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 29, 2026, 08:40 AM

Issues

2

Security Audit — snyk — external-pattern-integrator