music-search

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts and returns share passwords ("extractCode") in its JSON output, which requires the LLM to read and emit secret/password values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Deep-search runtime path: music-search.js calls web-search to obtain candidate pageUrls, then callDeepExtract() passes those outsider-authored page URLs into deep_extract.py extract, which fetches arbitrary third-party HTML and extracts readable text (e.g., titles/nearby context for extractCode/format) into the JSON that is returned to the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.85). The skill's runtime auto-install (ensurePythonEnv) creates a venv and runs pip to install requirements.txt (cloudscraper), which fetches and executes remote package code from PyPI (https://pypi.org/) as a required dependency for deep search.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Issues
3
Security Audit — snyk — music-search