skills/tencent-lexiang/lexiang-cli/lx-url-route/Snyk

lx-url-route

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md) routes page URLs — including public mp.weixin.qq.com links — and defaults to running commands like "lx entry describe-ai-parse-content" and "lx file create-hyperlink --url ..." to view/import content, meaning it fetches and parses untrusted public web content that could influence subsequent tool actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 20, 2026, 09:42 PM

Issues

1

Security Audit — snyk — lx-url-route