partiful
Fail
Audited by Snyk on Jun 20, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The code deliberately captures bearer auth tokens and user IDs by intercepting browser network traffic (via a Playwright script it writes and executes), stores them locally, and also auto-installs/runs external tooling (npm/playwright), which together represent intentional credential-capture and execution of external code that can be abused or repurposed for exfiltration or supply-chain compromise.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill fetches outsider-authored free text at runtime from Partiful’s public web/API responses (e.g.,
cmd-invites→get-my-rsvps→api-request→ JSON fields like event titles/descriptions), which is then printed and included in the agent’s LLM context via the tool output.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's auth command installs and runs Playwright at runtime (it executes "npm install -g playwright" / "npx playwright install chromium" and then runs a Node script), which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/playwright), so the skill fetches and executes external code during runtime.
Issues (3)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata