uapi-get-clipzy-raw

Fail

Audited by Snyk on Jul 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill requires sending a decryption/API key as a query parameter and even instructs the user to provide a UAPI Key, which would force the LLM to include secret values verbatim in generated requests or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 该 skill 的运行时工作流会调用外部 API GET /api/raw/{id} 并把返回的“纯文本内容”(200 响应体)读入到代理上下文;该纯文本由外部服务/数据源返回,属于运行时引入的非用户选择的自由文本。

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 9, 2026, 06:41 AM
Issues
2
Security Audit — snyk — uapi-get-clipzy-raw