create-blog-post-聆tw
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs cloning a public GitHub repo (git clone https://github.com/jim60105/blog.git) and then tells the agent to read repo files (e.g., AGENTS.md and .github/instructions/quill-sage.instructions.md) as required editorial/front-matter guidance, which are untrusted, user-authored third-party contents that can directly influence writing decisions and tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs the user to git clone https://github.com/jim60105/blog.git and then read repository files (e.g., .github/instructions/quill-sage.instructions.md, AGENTS.md) that define editorial instructions and to run ./switch-site.sh from that repo, so content fetched at runtime can directly control prompts and execute code.
Audit Metadata