search-docs
Fail
Audited by Snyk on Jul 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt explicitly instructs the subagent to run with mode "bypassPermissions" (i.e., to circumvent access controls) and to return results verbatim, which are deceptive/unauthorized instructions outside a normal documentation search.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs calling a docs-searcher with "bypassPermissions" and to report results "exactly as returned," which forces the agent to return any sensitive secrets or credentials present in the documentation verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill explicitly instructs using a "docs-searcher" subagent with mode "bypassPermissions", which requests evasion of access controls and therefore indicates intentional unauthorized access and high risk of abuse.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs calling a subagent with mode "bypassPermissions", which directs the agent to bypass security controls and therefore compromises the host environment.
Issues (4)
E004
CRITICALPrompt injection detected in skill instructions.
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata