Lightpanda
Fail
Audited by Snyk on May 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs include direct downloads of unsigned "nightly" binaries hosted on a relatively unknown GitHub repo (lightpanda-io/browser) — a common vector for distributing executables — so despite the script attempting checksum verification via the repo metadata, installing/running these untrusted nightly binaries poses a moderate-to-high risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow for this skill is using Lightpanda to
goto/fetcharbitrary user-supplied URLs and then ingest the resulting page content (e.g.,markdown,semantic_tree,mcp://page/markdown) into the agent’s LLM context, which is outsider-authored free text from public web pages.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The install script (scripts/install.sh) fetches and installs a remote binary from GitHub (e.g., https://github.com/lightpanda-io/browser/releases/download/nightly/lightpanda-x86_64-linux and the GitHub API URL https://api.github.com/repos/lightpanda-io/browser/releases/tags/nightly), verifies it, makes it executable, and runs it for testing, so the skill runtime/install step fetches and executes remote code.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata