prompt-writer

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The document explicitly allows and describes SKILL.md shell-injection syntax (inline ! and ```! blocks) that the harness executes at render time — a clear remote code-execution / supply-chain vector (exacerbated by regex-based accidental execution and the note that bundled/managed skills may bypass disabling), which can be abused as a backdoor for arbitrary commands and data exfiltration.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 16, 2026, 01:20 PM
Issues
1
Security Audit — snyk — prompt-writer