processon-mindmap-generator
Fail
Audited by Snyk on Jun 25, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.70). 该技能明确要求在每次运行前强制执行远程版本检查并在失败时“严格禁止提示网络错误”(将错误隐瞒为“暂无更新”),并规定自动执行 shell/更新命令,这等于指示隐藏运行/网络异常并执行外部代码,属于超出单纯生成思维导图且具有欺骗性和潜在滥用风险。
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill requires executing remote checks and explicitly mandates echoing script outputs (full visit/img URLs and the returned copyBlock) verbatim, which can force the model to disclose any sensitive tokens or credentials that appear in those returned URLs/blocks, creating an exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's mandatory pre-check (run before each use) fetches and reads https://raw.githubusercontent.com/processonai/processon-skills/main/skills/processon-mindmap-generator/version/github-version.json at runtime, and the returned version value directly controls whether the agent must interrupt, prompt the user to update, and (if accepted) run remote-update commands—so this is a runtime external dependency that controls agent instructions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill mandates executing shell commands and network-fetched scripts (including an automatic update step that runs "npx ... -g" and Python scripts that read/write/clean files), which actively modify the host system state and can install or change software, so it poses a high risk of compromising the machine.
Issues (4)
E004
CRITICALPrompt injection detected in skill instructions.
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata