skills/virtuslab/scala-skill/direct-style-scala/Snyk

direct-style-scala

Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). SKILL.md's "Use-Case Guide" explicitly requires the agent to fetch the COMPLETE chapter content from the public raw GitHub URL (https://raw.githubusercontent.com/virtuslab/scala-skill/refs/heads/master/direct-style-scala/...) and to follow those fetched chapters as mandatory guidance, meaning the agent will ingest and act on open/public third‑party content that can influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to fetch complete chapters from https://raw.githubusercontent.com/virtuslab/scala-skill/refs/heads/master/direct-style-scala/ which directly control agent instructions and are presented as a required dependency, so this external raw GitHub URL is a high-confidence runtime control vector.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 13, 2026, 07:54 AM

Issues

2

Security Audit — snyk — direct-style-scala