xiaolvs-pipeline

Fail

Audited by Snyk on Jun 29, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). 代码包含可被远程触发的任意任务执行与自动化发布能力(通过 user-controlled 消息驱动的 codebuddy CLI、公开隧道、强制知识库上传和对 Chrome 登录态的自动使用),这些特性可被滥用用于远程代码执行、内网/本地资源访问(SSRF)与敏感数据外泄或未经授权发布。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 在企微机器人收到用户消息后,wecom_bot_service.py 将用户提供的 URL/文字拼成 prompt 并调用 CodeBuddy(run_codebuddy(prompt));若用户给的是“文章链接”,下游 fetch-archive 会在运行时通过 web_fetch/fetch_article.py 抓取网页正文(OUTSIDER:公共网页内容),并把抓取到的原文全文作为 LLM 可读文本进入后续生成流程。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill accepts and fetches arbitrary user-provided HTTP(S) URLs at runtime (e.g., "https://example.com/article") via web_fetch/fetch_article and passes the fetched document content into the CodeBuddy prompt/workflow, meaning external page content directly controls the agent's instructions (prompt injection risk).

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 29, 2026, 01:59 AM
Issues
3
Security Audit — snyk — xiaolvs-pipeline