linkfox-zhihuiya-description-data-translated
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). One URL is a direct download of a release.zip that instructs installing a skill (direct archive installers can be used to distribute malware and should be treated as suspicious), while the other links are API/official pages and are low risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider-authored free text is ingested from the Zhihuiya patent translation API response (
data[].description) and then printed to stdout / included in the saved JSON, which the agent can read into its LLM context (runtime path:scripts/zhihuiya_description_translated.py→call_api()→json.loads(response.read())→print(serialized)orsummarize(result)).
Issues (2)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata