huashu-nuwa

Warn

Audited by Snyk on Jun 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.78). 该Skill的运行时“Phase 1 多源信息采集”在默认纯网络搜索/本地语料补充模式下会抓取公共网页、播客/视频字幕等外部文本,并把这些可读内容写入 references/research/01-06.md 后再进入 Phase 2/3 进入LLM上下文,属于“公共 web 内容/第三方转录/社区文章等外部自由文本→LLM上下文”的间接提示注入路径。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill explicitly spawns subagents that at runtime fetch and ingest external web content (including GitHub repos such as https://github.com/karpathy/nanoGPT) to populate research files and drive prompt generation, so those URLs are runtime dependencies whose fetched content directly shapes agent prompts/behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 12:29 AM
Issues
2
Security Audit — snyk — huashu-nuwa