yc-batch-evaluator
Fail
Audited by Snyk on Jul 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill deliberately automates mass scraping of YC pages, company websites, and founder profiles and explicitly requests "reveal_personal_emails": true from Apollo and streams collected PII into a newly created shared Google Sheet—this is intentional data exfiltration and privacy abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The workflow scrapes YC company pages and company websites at runtime (outsider-authored public web content) via
scrapegraphand then injects the extracted prose fields (descriptions, bios, sectors, website analysis, Perplexity text) into the agent’s LLM context for downstream steps like Perplexity and row compilation.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata