Skills
skills/vm0-ai/vm0-skills/minio/Snyk

minio

Fail

Audited by Snyk on Apr 17, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs using the public MinIO Play sandbox (play.min.io) and S3-compatible buckets with commands like mc ls, mc cp, and mc share download (and curl on generated URLs), which causes the agent to fetch and read arbitrary, user-provided/untrusted object-storage content that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's prerequisite installs and runs the MinIO client binary fetched from https://dl.min.io/client/mc/release/linux-amd64/mc (curl -O ...; chmod +x; sudo mv ...), which downloads and executes remote code and is a required dependency for the skill.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned for literal, high-entropy values that could grant access. The snippet includes two literal credential values used for MinIO Play:
  • MINIO_ACCESS_KEY="Q3AM3UQ867SPQQA43P2F"
  • MINIO_SECRET_KEY="zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"

These are not placeholders (unlike the earlier "your-access-key"/"your-secret-key" examples) and are long/random-looking strings that can be used to authenticate to the MinIO Play sandbox (play.min.io). Even if they are public/test credentials, they are real, usable secrets present in the documentation, so they meet the definition of a secret to flag.

I ignored the other examples that are obvious placeholders (e.g., "your-access-key", "your-secret-key") per the rules.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes installation steps that run "sudo mv mc /usr/local/bin/" (and thus requires elevated privileges to modify system directories), which instructs modifying system files requiring sudo.

Issues (4)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 17, 2026, 04:45 PM
Issues
4
Security Audit — snyk — minio