speckle-impl-automate-functions
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's runtime explicitly calls AutomationContext.receive_version() (see examples/main.py and references/methods.md) to ingest user-uploaded Speckle model/version data and then flattens and interprets object properties to drive actions like attach_error_to_objects and mark_run_failed/mark_run_success, so untrusted user-generated model content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The auto-generated GitHub Actions workflow includes a runtime "uses: specklesystems/speckle-automate-github-composite-action@main" (and also uses actions/checkout@v4), which causes GitHub to fetch and execute remote action code from those repositories during CI/CD runs, so these external repo URLs are runtime dependencies that execute remote code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata