skills/spencerpauly/awesome-cursor-skills/updating-npm-package/Snyk

updating-npm-package

Warn

Audited by Snyk on Apr 12, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching package info from npmjs.com (npm view) and reading package GitHub CHANGELOGs, release notes, and web migration guides (public, user-generated content) which the agent is expected to read and act on to implement breaking-change fixes.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 12, 2026, 09:44 PM

Issues

1