distill

Warn

Audited by Snyk on Jun 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Outsider-authored free text can enter the LLM context via the live-sample path: samples/live/urls.json → Playwright renders arbitrary third-party pages and the skill parses their HTML/DOM text (e.g., voice samples and representative elements) into SAMPLES.md/trait-matrix.json, which are then read by stardust:direct as Mode B anchor inputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill reads URLs from samples/live/urls.json and (when the live pass is enabled) uses Playwright to fetch and fully render each listed URL at runtime — executing the pages' JavaScript and saving snapshots — so user-provided external URLs are executed and directly influence the produced trait/brief artifacts.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 14, 2026, 11:50 PM
Issues
2
Security Audit — snyk — distill