preqstation
Fail
Audited by Snyk on Jun 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs include legitimate project endpoints (GitHub, Vercel, fast.io) used in the repo/docs but also personal/placeholder subdomains, an unknown GitHub user repo, wildcard/malformed URLs and personal file-hosting patterns (Fast.io/private links, Vercel app subdomains, Git clone URL) which — while not direct .exe/.msi links — are common vectors for distributing installers or malware and therefore represent a moderate–high risk if you do not trust the specific owner or content.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). In the
commentobjective path, the skill callspreq_list_task_comments/preq_get_task_commentto fetch outsider-authored comment text (other users’ comments) and then uses that fetched prose as conversational context forpreq_reply_task_comment, which is fed into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill calls the PREQ/STATION MCP/API endpoints at runtime (e.g., the PREQ MCP URL https:///mcp and the PREQSTATION_API_URL such as https://your-preqstation-domain.vercel.app used by scripts/curl) to fetch task notes, acceptance criteria and lifecycle instructions (preq_get_task, preq_list_tasks, etc.), and that fetched content directly drives the agent's prompts/behavior and is required for operation.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata