xiaolvs-pipeline
Fail
Audited by Snyk on Jun 29, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). 代码包含可被远程触发的任意任务执行与自动化发布能力(通过 user-controlled 消息驱动的 codebuddy CLI、公开隧道、强制知识库上传和对 Chrome 登录态的自动使用),这些特性可被滥用用于远程代码执行、内网/本地资源访问(SSRF)与敏感数据外泄或未经授权发布。
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 在企微机器人收到用户消息后,
wecom_bot_service.py将用户提供的 URL/文字拼成 prompt 并调用 CodeBuddy(run_codebuddy(prompt));若用户给的是“文章链接”,下游fetch-archive会在运行时通过web_fetch/fetch_article.py抓取网页正文(OUTSIDER:公共网页内容),并把抓取到的原文全文作为 LLM 可读文本进入后续生成流程。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill accepts and fetches arbitrary user-provided HTTP(S) URLs at runtime (e.g., "https://example.com/article") via web_fetch/fetch_article and passes the fetched document content into the CodeBuddy prompt/workflow, meaning external page content directly controls the agent's instructions (prompt injection risk).
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata