skills/scalekit-inc/skills/scalekit-code-doctor/Snyk

scalekit-code-doctor

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the agent to fetch and parse live public third‑party documentation and repositories (e.g., https://docs.scalekit.com/apis.md and raw.githubusercontent.com / GitHub example repos) to verify methods and guide code generation/review, so external public content can directly influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching live reference files at runtime (e.g. https://docs.scalekit.com/apis.md and https://raw.githubusercontent.com/scalekit-inc/scalekit-sdk-node/main/REFERENCE.md) to verify method names and example repos, so external content would directly control the agent's generated prompts/instructions and is a runtime dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 13, 2026, 12:23 PM

Issues

2