uapi-get-clipzy-raw
Fail
Audited by Snyk on Jul 9, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill requires sending a decryption/API key as a query parameter and even instructs the user to provide a UAPI Key, which would force the LLM to include secret values verbatim in generated requests or commands.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 该 skill 的运行时工作流会调用外部 API
GET /api/raw/{id}并把返回的“纯文本内容”(200 响应体)读入到代理上下文;该纯文本由外部服务/数据源返回,属于运行时引入的非用户选择的自由文本。
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata