iblai-security-disk-forensics
Fail
Audited by Snyk on Jun 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt explicitly tells the agent to request encryption keys/passphrases from the user and to "log every command and finding" while mounting/handling evidence, which creates a clear requirement to receive and potentially record or embed secret passphrases verbatim (exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s workflow ingests outsider-authored free text when it runs tools like
ls -laR /mnt/evidence,fls -r,icat,strings <image> | grep, andbulk_extractoron user-provided disk images, because those images can contain arbitrary human-authored content (e.g., documents, logs, browser history) that becomes readable prose in the agent’s LLM context via extracted listings/text.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata