Skills
skills/chujianyun/skills/qoder-wiki/Snyk

qoder-wiki

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly tells the agent to "如文档信息不足,再考虑联网搜索补充" in SKILL.md and the docs (e.g., docs/拓展能力/MCP.md and docs/拓展能力/自定义智能体.md) expose WebFetch/WebSearch and MCP-based webpage fetching of arbitrary URLs, so the agent will fetch and interpret untrusted public web content (web pages/search results) that can materially influence tool use and decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 04:50 PM
Issues
1