skills/even-realities/everything-evenhub/simulator-automation/Snyk

simulator-automation

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill's Automation workflow instructs the agent to read the simulator's main webview output and console (GET /api/console and GET /api/screenshot/webview), which can contain arbitrary remote or user-generated web content loaded into the simulator and whose logs/screenshots are explicitly used to decide actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 26, 2026, 09:55 PM

Issues

1

Security Audit — snyk — simulator-automation