skills/miketromba/skills/isolated-vm/Snyk

isolated-vm

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill's required "Research Process" directs a spawned sub-agent to fetch and parse the public GitHub README at https://raw.githubusercontent.com/laverdet/isolated-vm/main/README.md (and optionally npm/issue pages), meaning the agent will ingest and act on untrusted, user-accessible third‑party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill's research sub-agent prompt explicitly requires fetching and using https://raw.githubusercontent.com/laverdet/isolated-vm/main/README.md at runtime to drive the sub-agent's responses, meaning external content directly controls the agent's instructions.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 10, 2026, 07:42 PM

Issues

2