linkfox-zhihuiya-claim-data-translated
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). Most URLs are official LinkFox API/site endpoints and appear low-risk, but the agent-files.linkfox.com entry that directly links to "release.zip" with instructions to download and install a skill is a direct distribution of installable code and therefore suspicious/high-risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text is ingested from the runtime HTTP API response (
claimsfield returned byPOST /zhihuiya/claimDataTranslated), which the script then serializes and prints to stdout (full JSON when small or--inline, otherwise a summary that still includes sampled claim text).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata