opensrc
Warn
Audited by Snyk on Jul 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md describes a runtime workflow that fetches dependency source code from external registries/repos (e.g.,
opensrc path pypi:requests,crates:serde,facebook/react) and then reads files from the downloaded repositories into the agent context via commands likecat $(opensrc path ...)/src/types.ts, which is outsider-authored free text.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata