account-research-sales-card

Fail

Audited by Snyk on May 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These point to an unknown GitHub repository and a small custom domain that provide runnable code/instructions to download and execute scripts (python runner), which is a common vector for malware despite being hosted on GitHub.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts a public "accountSourceUrl" (references/form-schema.json and SKILL.md note "如果参数里包含链接字段,请传完整、可访问的 URL" and the form's required-any-of allows URL as the sole input), indicating the agent is expected to ingest public website/news/case-page content which could meaningfully influence its recommendations—so untrusted third‑party content can be read and affect actions.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 20, 2026, 06:36 PM
Issues
2
Security Audit — snyk — account-research-sales-card