skills/know-your-people/vibes-skill/vibes/Snyk

vibes

Warn

Audited by Snyk on Apr 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs updating by fetching a new SKILL.md from a public GitHub raw URL (https://raw.githubusercontent.com/Know-Your-People/vibes-skill/main/SKILL.md), which would cause the agent to ingest and act on third-party-hosted content that could change skill behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 7, 2026, 10:45 AM

Issues

1