component-factory
Warn
Audited by Snyk on Jun 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The workflow runs
gh issue view Nto read each issue’s body (outsider-authored issue text) and then passes that content into the builder agent via the builder prompt/output, creating an indirect prompt-injection path from GitHub issue text into the LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs builder agents at runtime to run
gh issue view N, which fetches remote GitHub issue content (e.g. https://github.com///issues/N) that directly drives the agent's behavior and is a required dependency for building the component, so this external content is a runtime control vector.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs spawned agents to run with "mode: 'bypassPermissions'", directly asking the agent to bypass security/permission controls (a form of privilege escalation), which is a clear prompt to compromise the host's security state.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata