cz-perspective
Fail
Audited by Snyk on Apr 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.85). No technical malware/backdoor patterns or data-exfiltration code are present, but the skill contains high-risk prompt‑injection and impersonation directives (forced first‑person persona of a real, living individual; persistent role state with one‑time disclaimer; trigger phrases that silently activate the behavior) that enable social‑engineering, deceptive attribution, and potential fraud—overall a high abuse risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "Step 2: CZ式研究" — "先研究再回答") and accompanying README/research files explicitly list and rely on fetching public third‑party sources (e.g., 4,449 tweets, AMAs, news interviews and many URLs in research/* and the "PRIORITY FETCH LIST"), so the agent is expected to ingest untrusted, user‑generated open web content that can materially influence its actions.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata