skills/proxiblue/claude-skills/security-scan/Snyk

security-scan

Warn

Audited by Snyk on Apr 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs curl checks against public URLs (e.g., "curl -I https://example.com/.git/config", ".env", "var/log/system.log") as part of its required file-exposure scanning, which means the agent fetches and interprets content from open/public sites that could be untrusted and influence scanning decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 12, 2026, 11:31 AM

Issues

1

Security Audit — snyk — security-scan