ui
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This skill unconditionally fetches and executes remote SKILL.md content (and any chained uidotsh:// references), which is a classic remote-management/backdoor pattern enabling arbitrary remote instruction execution and potential abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The required workflow fetches
uidotsh://uifrom a remote MCP server at runtime and then treats the fetched content as the skill’sSKILL.mdinstructions, meaning outsider-authored free text from the MCP server is ingested into the agent’s LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill instructs the runtime to call mcp__uidotsh__uidotsh_fetch to fetch uidotsh://ui and treat the fetched content (and any uidotsh://... references it points to) as the skill's SKILL.md instructions, meaning remote content directly controls agent prompts and behavior (flagged URL: uidotsh://ui).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This prompt directs the agent to fetch and treat remote content as executable skill instructions (including following further uidotsh:// references), which allows arbitrary remote commands or guidance that could instruct the agent to obtain sudo, modify system files, or create users, so it poses a high risk of compromising the host state.
Issues (4)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata