agent-reach
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs configuring channels by embedding secrets verbatim in CLI commands (e.g., twitter cookies "auth_token=...", proxy URLs with user:pass), which requires the agent to request and output sensitive credential values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Yes—at runtime, the skill’s
read_url/read_batch(andreadCLI) fetches outsider-authored web content (e.g., arbitrary URLs viaWebChannel.readusingrequests.gettohttps://r.jina.ai/<url>), then returns that readable text to the agent/MCP caller, which is typically placed into the LLM context.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The install routine (_install_system_deps) runs a shell command that pipes a remote script into bash at runtime ("curl -fsSL https://deb.nodesource.com/setup_22.x | bash ..."), which fetches and executes remote code from https://deb.nodesource.com/setup_22.x.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata