skills/xmake-io/xmake-skills/xmake-repo-testing/Snyk

xmake-repo-testing

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says the test script installs packages and can --fetch or pull deps from the remote binary cache (see "What the script actually does" and the "--fetch"/"--precompiled" flags), so the workflow fetches and executes untrusted third‑party package artifacts that can influence build/test actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 8, 2026, 12:02 PM

Issues

1

Security Audit — snyk — xmake-repo-testing