neta-creative
Warn
Audited by Snyk on May 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests arbitrary external media via the upload command (accepting http:// or https:// URLs) and instructs the agent to call read_collection to fetch collection payloads (including launch_prompt/core_input and reference images) which the agent must read and incorporate into generation workflows, exposing it to untrusted user-hosted web content that can influence subsequent tool calls and prompts.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes npx to fetch and execute the remote npm package @talesofai/neta-skills at runtime (e.g. https://www.npmjs.com/package/@talesofai/neta-skills or https://registry.npmjs.org/@talesofai/neta-skills), which downloads and runs external code the skill depends on and therefore can directly control behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill includes explicit payment-related commands: create_premium_order and pay_premium_order --channel "stripe-checkout", and references "Premium (plans, orders, Stripe)" and checkout verification flows. This is a specific payment-gateway integration (Stripe Checkout) and therefore provides direct financial execution capability rather than a generic tool.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata