agentflow

Fail

Audited by Snyk on Jul 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill intentionally collects and sends local workspace content (file listings and expanded prompts) to external model APIs and is designed to autonomously run and re-run tasks (including shell validation commands and file modifications) without additional user confirmation, creating strong vectors for data exfiltration and remote code execution if misused or if dispatch channels are abused.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 1, 2026, 04:40 PM
Issues
1
Security Audit — snyk — agentflow