knowledge-extractor
Warn
Audited by Snyk on Jun 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
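- Third-party content exposure detected (high risk: 0.75). In Step 1 the skill allows the user to supply a "URL", and at runtime it fetches the page body via fetch_web before moving on to the "deep reading/extraction" in Step 2. It therefore reads **public web page content (free text written by external authors)** into the LLM context, which creates an indirect prompt injection risk.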
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly states "If it's a URL, use fetch_web to get content", meaning an arbitrary user-supplied HTTP(S) URL will be fetched at runtime via fetch_web, and the fetched content is used as the input that controls the agent's prompts/outputs.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata