patient-education-readability-review

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). 该技能在运行时会把用户提供的 patientEducationText/patientEducationFile/patientEducationLink(尤其是公开链接对应的页面正文或上传文件的可读文本)拼入 contextComposer 供 LLM 生成摘要;这些内容通常来自操作用户未必亲自撰写的“外部材料”,属于外部自由文本/文档正文进入 LLM 上下文的路径。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). scripts/run.py performs runtime POSTs to the skill execution endpoint build_base_url() + "/api/execute" (defaulting to https://ai-skills.ai/api/execute), and the skill cannot run without that external service which executes the skill remotely, so this URL is a required runtime dependency that results in remote code execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:33 AM
Issues
2
Security Audit — snyk — patient-education-readability-review