ai-automation-workflows
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). SKILL.md shows runtime workflows that pass user-provided free text (e.g.,
$INPUT_TEXTfrom script arguments and$(cat $file)from arbitrary.txtfiles) intobelt app run ... --input, which becomes LLM prompt context; this is outsider-authored content if the operating user supplies/uses files or arguments originating from others.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs creating persistent cron jobs and writing logs to system paths like /var/log and /output (root-owned locations), which can modify the host state and may require elevated privileges even though it doesn't explicitly ask for sudo.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata