detecting-typosquatting-packages
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The runtime workflow can ingest outsider-authored free text from
git diff ... | ... python scripts/agent.py screen --stdin, where the diff content (including added dependency names) comes from a PR author outside the operating user’s control and is read line-by-line fromsys.stdininto candidate strings used in LLM context (via the agent’s orchestration).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's install/run steps explicitly fetch and execute remote repositories — e.g., git clone https://github.com/rustfoundation/typomania followed by cargo run, git clone https://github.com/IQTLabs/pypi-scan followed by pip install / python, and downloading/running OSSGadget from https://github.com/microsoft/OSSGadget — which causes execution of externally fetched code at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata