read

Fail

Audited by Snyk on May 29, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These links mix trusted vendor APIs (open.feishu.cn) with third-party proxy services (defuddle.md, r.jina.ai) and raw GitHub content endpoints (raw.githubusercontent.com) that can deliver arbitrary/untrusted files or scripts—making them a moderate-to-high risk as possible malware distribution vectors if the upstream content or repos are untrusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). In the required workflow, the skill fetches outsider-authored free text from a user-supplied URL/PDF and then feeds the extracted readable content into the agent’s LLM context (via scripts/fetch.shscripts/fetch_local.py / defuddle.md / r.jina.ai), which is untrusted and may contain prompt-like instructions.

Issues (2)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 29, 2026, 06:30 PM
Issues
2
Security Audit — snyk — read