skills/plyght/dotfiles/snuppy/Gen Agent Trust Hub

snuppy

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is configured to fetch content from an external URI (snuppy://snuppy) using the mcp__snuppy__snuppy_fetch tool. This creates a dependency on a remote resource for the skill's core functionality.
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to treat the fetched remote content as its actual SKILL.md instructions. In the context of AI agents, this is equivalent to remote code execution, as the logic and constraints governing the agent's behavior are provided by an unverified external source at runtime.
  • [PROMPT_INJECTION]: The instructions command the agent to "follow any additional snuppy://... references it points to," which creates a potential chain of nested or recursive instruction fetches. This structure can be used to inject malicious prompts or override safety guidelines after the initial security check has passed.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary purpose is to "clone any live website," which involves processing untrusted third-party data.
  • Ingestion points: Live website source code and assets (via WebFetch).
  • Boundary markers: None identified in the skill body to separate untrusted web content from agent instructions.
  • Capability inventory: The skill has network access via mcp__snuppy__snuppy_fetch and WebFetch to read and potentially exfiltrate data.
  • Sanitization: There is no evidence of sanitization or escaping logic to prevent embedded instructions in a target website from hijacking the agent's session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:22 AM
Security Audit — agent-trust-hub — snuppy