cz-perspective

Fail

Audited by Snyk on Apr 8, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.85). No technical malware/backdoor patterns or data-exfiltration code are present, but the skill contains high-risk prompt‑injection and impersonation directives (forced first‑person persona of a real, living individual; persistent role state with one‑time disclaimer; trigger phrases that silently activate the behavior) that enable social‑engineering, deceptive attribution, and potential fraud—overall a high abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "Step 2: CZ式研究" — "先研究再回答") and accompanying README/research files explicitly list and rely on fetching public third‑party sources (e.g., 4,449 tweets, AMAs, news interviews and many URLs in research/* and the "PRIORITY FETCH LIST"), so the agent is expected to ingest untrusted, user‑generated open web content that can materially influence its actions.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 8, 2026, 07:26 AM
Issues
2
Security Audit — snyk — cz-perspective