yao-interpreter-skill

Fail

Audited by Snyk on Jun 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). 该仓库包含明确的恶意/滥用示例:静态示例脚本中有将密钥通过 curl 上传(OPENAI_API_KEY)和可能的递归删除命令(rm -rf ...),并在多个位置检测/读取环境令牌(例如 GITHUB_TOKEN),这些都构成高风险的数据外传与破坏性命令信号。

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). 该技能在运行时会读取目标 Skill 包内的文本文件(如 SKILL.mdAGENTS.mdscripts/*.py 等)并把其内容/摘录写入 analysis.jsonfindings.json,再由 HTML 渲染器把这些“证据原文”作为可读文本嵌入报告(render_findings()<pre><code>{esc(item.get("quote"))}</code></pre>),因此若目标包来自外部第三方(outsider)就会把其自由文本/指令性内容间接进入 LLM 上下文(通过后续把生成报告再喂给 LLM 的链路)。

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 18, 2026, 03:28 AM
Issues
2
Security Audit — snyk — yao-interpreter-skill