book-finder

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs constructing and running curl commands that include a URL query parameter "&key=KEY", which requires the agent to capture and embed a fetched key value verbatim into command output (an insecure pattern of passing secrets on the command line).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). SKILL.md requires runtime web searching and scraping of third-party sites (e.g., Libgen/Anna’s Archive/Archive.org/university servers) and parsing their returned HTML to extract download links, which is outsider-authored free text ingested into the agent’s context via the fetched page content.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 8, 2026, 01:49 PM
Issues
2
Security Audit — snyk — book-finder