graphics-api-hooking
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). The skill's Data Source section explicitly instructs the agent to fetch and reference public GitHub raw content (e.g., https://raw.githubusercontent.com/.../README.md and the archive/description raw URLs) and to read those repository/readme files to answer user queries, which are untrusted, user-generated third‑party sources that can influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and use remote content from https://raw.githubusercontent.com/gmh5225/awesome-game-security/refs/heads/main/README.md (and the related raw.githubusercontent.com archive/description URLs) to drive responses, so external content directly controls prompts and is a required dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). This skill does not explicitly ask for sudo, create users, or modify system files, but it instructs process- and driver-level hooking, overlay/overlay-hijacking, and anti-detection/evasion techniques that alter runtime/system components and may require elevated privileges, so it poses a moderate risk of compromising the host state.
Issues (3)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata