nightshift
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.95). Outsider-authored free text from the target repo is ingested into the LLM via the runtime clone path (
clone_repocloneshttps://github.com/{owner}/{repo}.gitintoWORKSPACE, then the subagent is prompted to “Analyze the codebase at {clone_dir}” in the Plan/Implement/Review prompts, causing repo README/source text to be read and included in LLM context).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The README/quickstart explicitly instructs runtime curl downloads of executable code from raw GitHub URLs (e.g. https://raw.githubusercontent.com/Microck/hermes-nightshift-glm/main/nightshift.py and the companion raw.githubusercontent URLs for nightshift_tasks.json and glm_quota.py), and the task docs also instruct running npx to fetch/execute remote packages (e.g.
npx -y optimoandnpx -y afdocs check), so these URLs/commands are used at runtime to fetch and run external code that the skill relies on.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata