snuppy

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs fetching and treating remote content as its own instructions (via snuppy://), enabling dynamic remote-controlled behavior and arbitrary instruction/code injection — a high-risk backdoor/supply-chain vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The required workflow fetches remote content from an MCP server (mcp__snuppy__snuppy_fetch of snuppy://snuppy) and then treats that fetched text as the skill’s instructions, so outsider-authored free text from the remote MCP source can be ingested into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires calling mcp__snuppy__snuppy_fetch at runtime to fetch and treat the remote resource snuppy://snuppy (and any snuppy://... references it points to) as this skill's SKILL.md, meaning external content will directly control the agent's instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). This prompt instructs the agent to fetch and obey arbitrary remote SKILL.md content (and follow further remote references), which enables executing externally provided instructions that could direct privileged or state-changing actions, even though it does not itself explicitly request sudo, user creation, or system-file modification.

Issues (4)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 06:21 AM
Issues
4
Security Audit — snyk — snuppy