se-dev-plugin
Warn
Audited by Snyk on May 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's workflow and action docs (SKILL.md, actions/search.md, OtherPluginsAsExamples.md and Prepare.bat) explicitly instruct the agent to download and index plugin source code from the public PluginHub/GitHub (via commands like uv run download_plugin_source.py and uv run download_pluginhub.py), which is untrusted, user-authored third‑party content that the agent is expected to read and use to drive search, decisions, and subsequent code/actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). Prepare.bat (run by the skill's prepare action) fetches and executes remote code via PowerShell ("irm https://astral.sh/uv/install.ps1 | iex") and also downloads a required executable (https://frippery.org/files/busybox/busybox64u.exe), so the skill clearly relies on and executes externally fetched content at runtime.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata