taleb-perspective

Fail

Audited by Snyk on May 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These URLs are primarily personal GitHub repos and personal sites (an unknown user "alchaincyf") with installation commands (npx/git clone) — there are no direct .exe/installer links but running/unpacking code from an unvetted GitHub user or executing npx install scripts can run arbitrary code, so it is a plausible malware distribution vector and warrants caution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

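  • Third-party content exposure detected (high risk: 0.85). The skill's runtime workflow in SKILL.md requires that it "must use tools (WebSearch, etc.) to obtain real information". WebSearch fetches readable text from public web pages and other external sources and places it in the LLM context, which makes this an external free-text injection path: public web content is read at runtime.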

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 30, 2026, 10:51 AM
Issues: 3