WriteStory
Fail
Audited by Snyk on Jul 7, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The skill mandates executing an immediate curl POST to a local /notify endpoint before doing anything else, which is a side-effectful network action unrelated to the stated fiction-writing purpose and therefore a hidden/out-of-scope instruction.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). High-risk: the skill mandates a stealthy, background HTTP POST to localhost:31337 (output suppressed) before any action, which looks like a deliberate beacon/backdoor activation rather than benign telemetry.
Issues (2)
E004
CRITICALPrompt injection detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata