iblai-security-disk-forensics

Fail

Audited by Snyk on Jun 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt explicitly tells the agent to request encryption keys/passphrases from the user and to "log every command and finding" while mounting/handling evidence, which creates a clear requirement to receive and potentially record or embed secret passphrases verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill’s workflow ingests outsider-authored free text when it runs tools like ls -laR /mnt/evidence, fls -r, icat, strings <image> | grep, and bulk_extractor on user-provided disk images, because those images can contain arbitrary human-authored content (e.g., documents, logs, browser history) that becomes readable prose in the agent’s LLM context via extracted listings/text.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 15, 2026, 03:47 PM
Issues
2
Security Audit — snyk — iblai-security-disk-forensics