ui

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill unconditionally fetches and executes remote SKILL.md content (and any chained uidotsh:// references), which is a classic remote-management/backdoor pattern enabling arbitrary remote instruction execution and potential abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The required workflow fetches uidotsh://ui from a remote MCP server at runtime and then treats the fetched content as the skill’s SKILL.md instructions, meaning outsider-authored free text from the MCP server is ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). This skill instructs the runtime to call mcp__uidotsh__uidotsh_fetch to fetch uidotsh://ui and treat the fetched content (and any uidotsh://... references it points to) as the skill's SKILL.md instructions, meaning remote content directly controls agent prompts and behavior (flagged URL: uidotsh://ui).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). This prompt directs the agent to fetch and treat remote content as executable skill instructions (including following further uidotsh:// references), which allows arbitrary remote commands or guidance that could instruct the agent to obtain sudo, modify system files, or create users, so it poses a high risk of compromising the host state.

Issues (4)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 08:41 AM
Issues
4
Security Audit — snyk — ui