Skills
skills/nexu-io/open-design/gsap-core/Snyk

gsap-core

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to open and install the upstream bundle from a public GitHub URL (https://github.com/greensock/skills), requiring the agent to fetch and interpret untrusted, user-maintained README/assets that could influence execution and tool use.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 12:19 PM
Issues
1
Security Audit — snyk — gsap-core