skills/jeffallan/claude-skills/chaos-engineer/Snyk

chaos-engineer

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md CI/CD workflow explicitly fetches and applies a public manifest (e.g., "kubectl apply -f https://litmuschaos.github.io/litmus/litmus-operator-v2.14.0.yaml"), so the skill's required execution steps ingest untrusted third‑party content from the open web that can materially change actions and cluster state.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The GitHub-hosted Litmus manifest (https://litmuschaos.github.io/litmus/litmus-operator-v2.14.0.yaml) is fetched and applied at runtime via "kubectl apply -f …" in the CI workflow, causing external manifests to be executed as a required dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 30, 2026, 01:09 AM

Issues

2