Skills
skills/yonatangross/skillforge-claude-plugin/design-context-extract/Snyk

design-context-extract

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs fetching and analyzing live URLs (e.g., the Step 1 "For URLs" section and examples like "/ork:design-context-extract https://example.com" and "If not: WebFetch the URL and analyze HTML/CSS"), so the agent will ingest and interpret arbitrary public web content which can materially influence extraction outputs and subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 06:02 AM
Issues
1