Skills
skills/promptingcompany/nv-skills/nemoclaw-user/Snyk

nemoclaw-user

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to connect to and validate arbitrary external inference endpoints and public services (e.g., "Other OpenAI-compatible endpoint" and the onboarding probe of /v1/chat/completions in references/nemoclaw-user-configure-inference/SKILL.md and references/nemoclaw-user-configure-inference/references/inference-options.md) and documents allowing public presets (GitHub, Hugging Face, CDNs, npm, etc.) that the sandboxed agent can fetch and act on, so untrusted third‑party content can be ingested and materially influence tool calls and behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 13, 2026, 06:25 AM
Issues
1