skills/jwcodewrote/agent_skills_plugin/awesome-design-setup/Snyk

awesome-design-setup

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads DESIGN.md files from the public GitHub raw URL (https://raw.githubusercontent.com/VoltAgent/awesome-design-md/main/design-md//DESIGN.md) and instructs the AI agent to read and apply those files when building UI components, so untrusted third‑party content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill downloads DESIGN.md at runtime from raw GitHub URLs (e.g. https://raw.githubusercontent.com/VoltAgent/awesome-design-md/main/design-md/{brand}/DESIGN.md) and injects that fetched markdown into the agent's workflow to directly control how the AI should build UI components, so this external content is a runtime dependency that controls prompts.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 9, 2026, 02:38 PM

Issues

2

Security Audit — snyk — awesome-design-setup