Skills
skills/vibeeval/vibecosystem/supply-chain-security/Snyk

supply-chain-security

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly queries public registries (e.g., the "Dependency Confusion Risk Assessment" bash snippet using npm show <package> version against the public npm registry and references tools like npm audit/pip-audit), so it fetches and interprets untrusted third-party content which can change decisions (e.g., flagging risk and altering install behavior).

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 09:05 AM
Issues
1
Security Audit — snyk — supply-chain-security