distill
Warn
Audited by Snyk on Jun 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text can enter the LLM context via the live-sample path:
samples/live/urls.json→ Playwright renders arbitrary third-party pages and the skill parses their HTML/DOM text (e.g., voice samples and representative elements) intoSAMPLES.md/trait-matrix.json, which are then read bystardust:directas Mode B anchor inputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill reads URLs from samples/live/urls.json and (when the live pass is enabled) uses Playwright to fetch and fully render each listed URL at runtime — executing the pages' JavaScript and saving snapshots — so user-provided external URLs are executed and directly influence the produced trait/brief artifacts.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata