Skills
skills/wot-ui/open-wot/wot-ui-cli/Snyk

wot-ui-cli

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public upstream repository content (open-wot/wot-ui) as part of its workflow — see "Data Source And Extraction" in references/overview.md and SKILL.md which list commands like pnpm extract:cli --wot-dir ../wot-ui and pnpm extract:clone that fetch/clone and extract markdown/SCSS from the public repo, so untrusted third‑party content can influence agent behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 11:10 AM
Issues
1
Security Audit — snyk — wot-ui-cli