skills/xiaowen-0725/openydt-cli/openydt-record/Snyk

openydt-record

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires at runtime to "MUST 先用 Read 工具读取 ../openydt-shared/SKILL.md", a required external file whose contents (auth/profile/signature/status codes/rate limits/security conventions) directly control how the agent constructs and executes commands, so this runtime-read dependency (../openydt-shared/SKILL.md) poses a prompt/control risk.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Hidden Unicode characters detected (1 type(s) found)

Issues (2)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W021

MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 13, 2026, 01:16 PM

Issues

2

Security Audit — snyk — openydt-record