ov-skills
Warn
Audited by Snyk on Jun 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow for
ov skillscan ingest outsider-authored free text when the user supplies a public Git/GitHub tree URL or raw content toov skills add, which the tool then clones/fetches and reads the includedSKILL.mdbody into the agent’s context (indirect prompt injection risk via fetched outsider text).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). Flagged because the tool explicitly clones Git/GitHub URLs at runtime (e.g., https://github.com/org/repo.git, git@github.com:org/skills-repo.git, and GitHub tree URLs like https://github.com/anthropics/skills/tree/main/skills/algorithmic-art), and the fetched repository content (SKILL.md and auxiliary files) directly defines agent prompts/instructions that the agent will execute/use.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata