magicpath
Warn
Audited by Snyk on May 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches user-generated MagicPath content (components and themes) via commands like get-theme (whose theme.prompt field contains designer natural-language instructions) and inspect/code/context (which reads component source), and it directs the agent to read and follow those external prompt-style fields and component source as part of its workflow, creating a clear path for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly runs npx -y magicpath-ai which fetches and executes the magicpath-ai package from the npm registry (e.g. https://registry.npmjs.org/magicpath-ai or https://www.npmjs.com/package/magicpath-ai) at runtime, so remote code is downloaded and executed and the skill depends on it.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata