migrate-to-rstest
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md Workflow step 3 explicitly instructs the agent to "open" and fetch official migration guides (e.g., the public rstest pages such as https://rstest.rs/guide/migration/jest.md and vitest.md) and the framework-specific deltas, so the agent will ingest and act on content from open/public third‑party web pages.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to fetch and follow external migration guides (e.g., https://rstest.rs/guide/migration/jest.md and https://rstest.rs/guide/migration/vitest.md), which would directly supply instructions that control the agent's migration decisions and are treated as required references.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata