create-blog-post-xn--uy0a.tw
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly clones and reads a public GitHub repository (git clone https://github.com/jim60105/blog.git) and instructs the agent to read files such as .github/instructions/quill-sage.instructions.md and references/writing-guidelines.md, meaning untrusted, third-party content is ingested and used to guide writing and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime cloning/pulling from https://github.com/jim60105/blog.git and then reading repository instructions (e.g., AGENTS.md, .github/instructions/…) and running ./switch-site.sh from that repo, so fetched remote content can directly control prompts/instructions and execute code.
Audit Metadata