aicut-editing

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill documentation describes endpoints that can serve arbitrary absolute filesystem paths (/api/media/serve?path= and POST /api/media/generate-thumbnail with filePath) and APIs that write/delete project folders and full snapshots (archiveProject, deleteProject, updateSnapshot), plus a poll endpoint — together these features enable straightforward local file exfiltration, arbitrary filesystem writes/deletions, and possible covert command/data channels if path/project-name validation or auth are missing.

Issues (1)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 19, 2026, 06:43 AM
Issues
1
Security Audit — snyk — aicut-editing