webpack
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md Module Federation examples explicitly configure webpack to load remote modules from external URLs (e.g., remotes: { remoteApp: 'remoteApp@http://localhost:3001/remoteEntry.js' } in SKILL.md) and references/optimization.md even shows loading libs from a CDN (https://unpkg.com/...), meaning the runtime will fetch and execute third-party code that could materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill shows runtime Module Federation remotes and CDN externals that are fetched and executed at application runtime (e.g., remoteEntry at http://localhost:3001/remoteEntry.js and the CDN example https://unpkg.com/react/umd/react.production.min.js), so external content would execute remote code when used.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata