ccx-flow

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). 不安全:该流程要求读取并在输出中展示/嵌入敏感值(如完整 CLAUDE_SESSION_ID、随机生成的 token),并将 token 明文放入示例 curl 的 Authorization 头中,导致秘密会被 LLM 处理并可能外泄。

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). Sets up a localhost HTTP bridge plus a persistent "idle" teammate that can inject arbitrary messages into the main Claude Code session—functionally a backdoor enabling remote/local injection and potential exfiltration or abuse of the LLM context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 该技能运行时会通过本地 HTTP /inject 接收“外部进程”提供的 text(示例 curl 的 -d '{"text": ...}'),并将该自由文本作为 teammate_message XML 注入到主会话的 LLM 上下文中,因此存在 outsider(非操作用户)自由文本进入 LLM 的间接提示注入风险。

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). This skill instructs the agent to spawn and kill background processes, run a local HTTP bridge, and write/delete registry and team directories in the user's home (modifying process and filesystem state), though it does not request sudo, modify privileged system files, or create system users, so the risk is moderate.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 05:31 AM
Issues
4
Security Audit — snyk — ccx-flow