skills/xspoonai/spoon-awesome-skill/security-audit/Snyk

security-audit

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's fetch_contract.py script (and README/SKILL.md "Get contract source" workflow) explicitly fetches verified source code from public blockchain explorers like Etherscan/Solscan, meaning the agent ingests untrusted, user‑provided third‑party content which directly drives static analysis, PoC generation and follow‑on actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 11, 2026, 03:11 PM

Issues

1

Security Audit — snyk — security-audit