skills/shashwatgtm/optise-helix-aeo-skills/optise-helix-fitq-audit/Snyk

optise-helix-fitq-audit

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill's mandatory workflow (Section 4 Step 3: "Run fetch_page.py" and the scripts/fetch_page.py code) fetches and parses arbitrary public URLs' rendered HTML and uses that untrusted third‑party content to compute FITq scores and drive fixes/hand-offs, so external page content can materially influence the agent's decisions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 16, 2026, 02:41 PM

Issues

1

Security Audit — snyk — optise-helix-fitq-audit