research-topic-extractor

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). 该 skill 的运行时工作流在输入为“URL”时会调用网页读取工具抓取网页正文/内容并将其作为可读文本喂给 LLM(公共 web content fetched at runtime → outsider-authored free text)。

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt directs the agent to write bug records to the user's home directory and to invoke local tools (gh and bensz-collect-bugs) to upload reports—actions that modify the filesystem and perform network/git operations—but it does not request sudo, system-level config changes, or creating users, so the risk is present but limited.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:22 PM
Issues
2
Security Audit — snyk — research-topic-extractor