create-blog-post-xn--uy0a.tw

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly clones and reads a public GitHub repository (git clone https://github.com/jim60105/blog.git) and instructs the agent to read files such as .github/instructions/quill-sage.instructions.md and references/writing-guidelines.md, meaning untrusted, third-party content is ingested and used to guide writing and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs runtime cloning/pulling from https://github.com/jim60105/blog.git and then reading repository instructions (e.g., AGENTS.md, .github/instructions/…) and running ./switch-site.sh from that repo, so fetched remote content can directly control prompts/instructions and execute code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 21, 2026, 03:59 PM
Security Audit — snyk — create-blog-post-xn--uy0a.tw