unity-vrc-udon-sharp
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and CHEATSHEET explicitly require and document web-loading (references/web-loading.md and the CHEATSHEET web-loading section) using VRCStringDownloader.LoadUrl and VRCImageDownloader.DownloadImage (including user-supplied VRCUrl/VRCUrlInputField and parsed JSON), which ingests untrusted public web content that the agent is expected to parse and act on at runtime, creating a clear path for indirect prompt injection.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata