huashu-nuwa
Warn
Audited by Snyk on Jun 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.78). 该Skill的运行时“Phase 1 多源信息采集”在默认纯网络搜索/本地语料补充模式下会抓取公共网页、播客/视频字幕等外部文本,并把这些可读内容写入
references/research/01-06.md后再进入 Phase 2/3 进入LLM上下文,属于“公共 web 内容/第三方转录/社区文章等外部自由文本→LLM上下文”的间接提示注入路径。
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly spawns subagents that at runtime fetch and ingest external web content (including GitHub repos such as https://github.com/karpathy/nanoGPT) to populate research files and drive prompt generation, so those URLs are runtime dependencies whose fetched content directly shapes agent prompts/behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata