skill-installer

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the tool to fetch real-time data from public GitHub repositories and the SkillsMP marketplace (via python ~/.skills/skill-installer/scripts/fetch_skills.py with --online and --skillsmp options), meaning the agent will ingest untrusted, user-generated content from GitHub/SkillsMP that can change installed skill behavior and thus influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill-installer explicitly fetches and installs skills at runtime from external GitHub repositories (e.g., https://github.com/anthropics/skills), and those repositories contain SKILL.md files which are agent prompts/instructions that will be injected/used by the agent, so remote content from GitHub (and SkillsMP at skillsmp.com / manus.im import URLs) can directly control agent behavior and is a required dependency.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 16, 2026, 05:39 PM
Issues
2
Security Audit — snyk — skill-installer