story-short-scan
Fail
Audited by Snyk on May 22, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs extracting a Bearer token/cookies from a user's logged-in Chrome session and using it to call backend APIs (and implies embedding that token in requests), which requires the agent to read and transmit secret credential values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and included scripts (e.g., scripts/dz-browse-scraper.js and scripts/heiyan-booklist-scraper.js) explicitly instruct the agent to use browser-cdp to fetch and parse public third‑party pages (e.g., https://www.ishugui.com/browse) and to call ms.zhangwenpindu.cn APIs via a logged-in manage.zhangwenpindu.cn Chrome session, ingesting untrusted user-generated/public web content which the agent then reads and uses to drive analysis and actions—meeting the criteria for indirect prompt injection risk.
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata