zhang-yiming-perspective

Fail

Audited by Snyk on May 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The list is mostly news sites and GitHub repositories (plus a few personal domains and badge images) rather than direct executables, but it includes installing/downloading code from a single, relatively unknown personal GitHub/npm author and personal hosts (npx/git clone/URLs) — a common delivery vector for malicious packages — so treat as moderately suspicious until the repositories and install scripts are audited in a sandbox.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

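  • Third-party content exposure detected (high risk: 0.85). The Skill's runtime workflow requires, in Step 2, using tools such as WebSearch to retrieve "public web pages / media reports / external analyses" and to bring their readable text into the LLM context; these sources are OUTSIDER content (public web content / articles written by others), so there is a risk of indirect prompt injection.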

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W021 (MEDIUM): Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 30, 2026, 03:53 AM
Issues: 3