coding-cli-management
Fail
Audited by Snyk on Jun 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill intentionally delegates code execution to third‑party AI CLIs (claude/gemini/qodercli) while explicitly disabling safety checks and referencing host CLI configs, enabling easy data exfiltration, credential exposure, and remote code execution.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text is the Worker-authored
coding-requestprompt content: the Manager parses the message, writes{extracted prompt content}intoprompt_file, thenrun-coding-cli.shreads it (cat "$prompt_file") and passes it to the external CLI/LLM at runtime.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata