skills/michailbul/laniameda-skills/Agentic Website Stack/Snyk

Agentic Website Stack

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill's trendScanner agent (convex/agents/trendScanner.ts) fetches public Google News RSS headlines, feeds those untrusted third‑party headlines into the AI (callAI) to generate article ideas, and then inserts those ideas into the pipeline — allowing external content to influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill's trendScanner action fetches live headlines from Google News RSS at runtime using URLs like https://news.google.com/rss/search?q=${encodeURIComponent(domain)}&hl=en and feeds those headlines directly into the AI prompt (callAI), so external content controls the agent's prompt input.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 17, 2026, 10:29 AM

Issues

2