story-short-scan

Fail

Audited by Snyk on May 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs extracting a Bearer token/cookies from a user's logged-in Chrome session and using it to call backend APIs (and implies embedding that token in requests), which requires the agent to read and transmit secret credential values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and included scripts (e.g., scripts/dz-browse-scraper.js and scripts/heiyan-booklist-scraper.js) explicitly instruct the agent to use browser-cdp to fetch and parse public third‑party pages (e.g., https://www.ishugui.com/browse) and to call ms.zhangwenpindu.cn APIs via a logged-in manage.zhangwenpindu.cn Chrome session, ingesting untrusted user-generated/public web content which the agent then reads and uses to drive analysis and actions—meeting the criteria for indirect prompt injection risk.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
HIGH
Analyzed
May 22, 2026, 08:54 AM
Issues
3
Security Audit — snyk — story-short-scan