setup-experiment
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs point to a main site plus a direct install script (https://cli.promptingco.com/install.sh) hosted on a differently named but similar domain—curl|bash from an external .sh is a common malware vector and the domain mismatch raises typosquatting/ownership uncertainty, so treat it as potentially risky unless you can verify the domains are owned by the same trusted organization.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow ingests outsider-authored free text when it performs Step B1/B2 “web-search for … docs” and “fetch docs from the location captured in Step B1,” then uses that fetched page text to propose tasks (Path B Step B1 Step B2), which is public web content authored by third parties and becomes LLM-readable context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running remote install code via curl -fsSL https://cli.promptingco.com/install.sh | bash (which fetches and executes remote code at runtime), and it also fetches a user-provided docs URL during Step B1/B2 to generate task prompts (the fetched docs directly shape prompts), so there are runtime external dependencies that execute code or control prompts.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata