netbox-discovery

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill’s runtime config manager can use config_manager.active: git to poll a Git repo and load selector.yaml/policy files; those files are outsider-authored free text that the agent ingests into its execution context (and thus into LLM-relevant processing) via the Git-based policy retrieval path.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The agent's git config_manager polls remote Git repos at runtime (examples: https://github.com/org/policies.git and https://github.com/org/orb-policies.git), and the fetched selector.yaml and policy files directly control the agent's behavior/configuration, meeting the criteria for a high-confidence runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill repeatedly recommends running the agent with elevated privileges (e.g., --net=host, --privileged, -u root, sudo podman, CAP_NET_RAW) and advises bypassing rootless restrictions, which encourages actions that can bypass host security and compromise the machine state.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 07:26 AM
Issues
3
Security Audit — snyk — netbox-discovery