book-finder
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs constructing and running curl commands that include a URL query parameter "&key=KEY", which requires the agent to capture and embed a fetched key value verbatim into command output (an insecure pattern of passing secrets on the command line).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md requires runtime web searching and scraping of third-party sites (e.g., Libgen/Anna’s Archive/Archive.org/university servers) and parsing their returned HTML to extract download links, which is outsider-authored free text ingested into the agent’s context via the fetched page content.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata