partiful

Fail

Audited by Snyk on Jun 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The code deliberately captures bearer auth tokens and user IDs by intercepting browser network traffic (via a Playwright script it writes and executes), stores them locally, and also auto-installs/runs external tooling (npm/playwright), which together represent intentional credential-capture and execution of external code that can be abused or repurposed for exfiltration or supply-chain compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill fetches outsider-authored free text at runtime from Partiful’s public web/API responses (e.g., cmd-invitesget-my-rsvpsapi-request → JSON fields like event titles/descriptions), which is then printed and included in the agent’s LLM context via the tool output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's auth command installs and runs Playwright at runtime (it executes "npm install -g playwright" / "npx playwright install chromium" and then runs a Node script), which fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/playwright), so the skill fetches and executes external code during runtime.

Issues (3)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 20, 2026, 08:50 PM
Issues
3
Security Audit — snyk — partiful