ucp-dev-patterns

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's "Before writing code" step explicitly instructs fetching live references from public websites (web-search site:ucp.dev and https://ucp.dev/2026-01-23/documentation/core-concepts/) and the Ecosystem References list public GitHub/community links, meaning the agent is expected to ingest and act on open third-party web content that could influence implementation decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 19, 2026, 07:31 AM
Issues
1
Security Audit — snyk — ucp-dev-patterns