skills/yaklang/hack-skills/upload-insecure-files/Snyk

upload-insecure-files

Fail

Audited by Snyk on Apr 30, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

Malicious code pattern detected (high risk: 1.00). The content is an explicit offensive playbook that instructs how to bypass upload validation, achieve remote code execution (webshells, eval/exec), exfiltrate data (SSRF to metadata and external servers), and abuse storage (presigned URL/SAS hijack, path traversal) — all clear, deliberate malicious techniques.

Issues (1)

E006

CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata

Risk Level

CRITICAL

Analyzed

Apr 30, 2026, 12:02 PM

Issues

1