pentest-methodology
Warn
Audited by Snyk on Apr 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md's Phase 1 Recon and Source review steps (e.g., "Source review: JS dosyalari, comments", "API discovery: Swagger/OpenAPI, sitemap", directory enumeration) explicitly require fetching and interpreting public website/API content from third-party targets. That content is untrusted and can materially influence subsequent testing actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).