yc-batch-evaluator

Fail

Audited by Snyk on Jul 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill deliberately automates mass scraping of YC pages, company websites, and founder profiles and explicitly requests "reveal_personal_emails": true from Apollo and streams collected PII into a newly created shared Google Sheet—this is intentional data exfiltration and privacy abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The workflow scrapes YC company pages and company websites at runtime (outsider-authored public web content) via scrapegraph and then injects the extracted prose fields (descriptions, bios, sectors, website analysis, Perplexity text) into the agent’s LLM context for downstream steps like Perplexity and row compilation.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 2, 2026, 06:17 AM
Issues
2
Security Audit — snyk — yc-batch-evaluator