skills/xmake-io/xmake-skills/xmake-packages/Snyk

xmake-packages

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md instructs using xmake/xrepo to fetch and install packages and even add public repositories (e.g., add_repositories "my-repo https://github.com/me/my-xmake-repo.git" and xrepo install/info/search commands), which clearly ingests untrusted public third-party code/metadata that can materially influence build and tool behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 8, 2026, 12:02 PM

Issues

1

Security Audit — snyk — xmake-packages