ucp-dev-patterns
Warn
Audited by Snyk on Mar 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Before writing code" step explicitly instructs fetching live references from public websites (web-search site:ucp.dev and https://ucp.dev/2026-01-23/documentation/core-concepts/) and the Ecosystem References list public GitHub/community links, meaning the agent is expected to ingest and act on open third-party web content that could influence implementation decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata