gangtise-copilot
Fail
Audited by Snyk on May 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.85). The prompt explicitly shows and permits passing accessKey/secretAccessKey as command-line arguments and instructs prompting for and writing raw credential values into files (and creating examples with ""), which requires the agent to handle and could lead it to emit secrets verbatim in commands or outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill (and the upstream Gangtise skills it installs) explicitly fetch and ingest untrusted third‑party content — e.g., downloading bundles from https://gts-download.obs.myhuaweicloud.com/skills, calling the public OpenAPI at https://open.gangtise.com (RAG/file/data endpoints), and running gangtise-web-client / gangtise-file-client / gangtise-wechat-summary to read web pages, reports and user-generated WeChat content — and those results are parsed and used by workflow skills (stock-research, opinion-pk, etc.) to drive analysis and next actions, so third‑party content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The installer explicitly downloads and installs remote code at runtime from the Huawei OBS bundle URL (https://gts-download.obs.myhuaweicloud.com/skills/.zip) and from the GitHub repo/API (https://github.com/daymade/claude-code-skills.git and https://api.github.com/repos/daymade/claude-code-skills/contents/...), which are required for the skill to operate and result in executing upstream scripts/code — therefore these runtime fetches can directly alter prompts/behavior or run remote code.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata