godfetch
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party content (author docs via llms-probe.sh/WebFetch, community-curated Context7 snippets, public GitHub repos/issues/PRs via git-clone and gh commands, and registry data from deps.dev), and the agent is instructed to read and act on that content as part of its workflow, creating clear exposure to untrusted user-generated or community content that could carry indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The llms-probe script actively probes and fetches docs files at runtime (e.g. URLs like https:///llms.txt or https:///llms-full.txt as constructed by scripts/llms-probe.sh) and those fetched doc pages are then retrieved and injected into the agent's context to drive responses, so external content can directly control prompts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata