document-to-mindmap

Fail

Audited by Snyk on Jun 27, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). Yes — the skill includes hidden/deceptive operational mandates (e.g., forcibly running remote shell/version checks, suppressing/network-error messages, and requiring unconditional output of full unredacted URLs/params) that alter behavior and can enable exfiltration or silent updates beyond the user-facing mindmap generation purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). 运行时 LLM 上下文的输入来自用户提供的 --markdown/--markdown-file 内容(resolve_markdown_input 读取后放入 payload["markdown"] 并 POST 到 TRANSFORM_MD_API_URL),因此若该内容包含“非操作用户选择引入的外部自由文本”(如他人消息/网页抓取/他人文档正文),就会被送入模型上下文;该技能本身不做来源净化/隔离。

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to run shell commands that modify the host (including an automatic global npx install --force -g which can change system packages and may require elevated privileges), so it directs activities that alter machine state even though it does not explicitly request sudo or create users.

Issues (4)

E004
CRITICAL

Prompt injection detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 27, 2026, 12:25 PM
Issues
4
Security Audit — snyk — document-to-mindmap