WriteStory

Fail

Audited by Snyk on Jul 7, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill mandates executing an immediate curl POST to a local /notify endpoint before doing anything else, which is a side-effectful network action unrelated to the stated fiction-writing purpose and therefore a hidden/out-of-scope instruction.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). High-risk: the skill mandates a stealthy, background HTTP POST to localhost:31337 (output suppressed) before any action, which looks like a deliberate beacon/backdoor activation rather than benign telemetry.

Issues (2)

E004
CRITICAL

Prompt injection detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 7, 2026, 03:45 AM
Issues
2
Security Audit — snyk — WriteStory