github-trending
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run gh-explorer to fetch/scrape current GitHub Trending repositories from GitHub's public pages (see the SKILL.md workflow and Failure Handling note that trending is "scraped from GitHub's public page"), which are untrusted, user-generated sources whose text the agent reads and summarizes and can materially influence its recommendations — enabling indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's runtime runs "npx --yes gh-explorer", which causes npx to fetch and execute the external npm package (e.g. https://registry.npmjs.org/gh-explorer or https://www.npmjs.com/package/gh-explorer), so a remote package is downloaded and executed at runtime and is required for the skill to function.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata