skills/interpreterbarry/barry-english-toolkit/barry-coach/Snyk

barry-coach

Warn

Audited by Snyk on Jun 14, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (medium risk: 0.65). B 类“方法论(读 wiki RAG 答)”在运行时会读取 METHODOLOGY_ROOT/wiki/_index.json 并 Read 对应 wiki 页面原文（来自外部安装的 barry-methodology 资源 Skill 的 wiki 内容），属于非操作用户自写的文档文本进入 LLM 上下文的路径。

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 14, 2026, 02:43 PM

Issues

1

Security Audit — snyk — barry-coach