skill-card-generator

Warn

Audited by Snyk on Jun 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required runtime workflow runs scripts/discover_assets.py on the target skill directory and then feeds extracted file contents (including arbitrary markdown/text from that directory) into the LLM context for Jinja rendering, so any outsider-authored text in the target skill’s files can be ingested (local-file prompt injection via skill-scope content).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 12, 2026, 09:10 PM
Issues
1
Security Audit — snyk — skill-card-generator