yao-interpreter-skill
Fail
Audited by Snyk on Jun 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). 该仓库包含明确的恶意/滥用示例:静态示例脚本中有将密钥通过 curl 上传(OPENAI_API_KEY)和可能的递归删除命令(rm -rf ...),并在多个位置检测/读取环境令牌(例如 GITHUB_TOKEN),这些都构成高风险的数据外传与破坏性命令信号。
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). 该技能在运行时会读取目标 Skill 包内的文本文件(如
SKILL.md、AGENTS.md、scripts/*.py等)并把其内容/摘录写入analysis.json、findings.json,再由 HTML 渲染器把这些“证据原文”作为可读文本嵌入报告(render_findings()→<pre><code>{esc(item.get("quote"))}</code></pre>),因此若目标包来自外部第三方(outsider)就会把其自由文本/指令性内容间接进入 LLM 上下文(通过后续把生成报告再喂给 LLM 的链路)。
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata