nexus-proposal-scout
Warn
Audited by Snyk on May 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The workflow fetches
PHASE.mdfromrepos/<org.github_org>/.github/contents/...viagh api ... --jq .content | base64 -d, which ingests outsider-authored free text from a GitHub org’s repository into the agent’s LLM context at runtime.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches the org's PHASE.md at runtime using the GitHub API endpoint (gh api repos/<org.github_org>/.github/contents/profile/PHASE.md --jq .content | base64 -d) and requires that content to determine what to propose, so remote content directly controls the agent's instructions.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata