skills/nangongwentian-fe/jay-skills/sync-skill-to-jay/Snyk

sync-skill-to-jay

Warn

Audited by Snyk on Apr 4, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). This skill explicitly clones and reads a public GitHub repo (git clone https://github.com/nangongwentian-fe/jay-skills.git) and then scans each skills/*/SKILL.md to extract descriptions and Examples to regenerate the README and drive commits/pushes, meaning it ingests untrusted third‑party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The workflow explicitly runs "git clone https://github.com/nangongwentian-fe/jay-skills.git" and "npx skills add https://github.com/nangongwentian-fe/jay-skills" at runtime, and that repository can contain SKILL.md prompt definitions or install scripts which would directly control agent prompts or execute remote code.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 4, 2026, 04:30 AM

Issues

2