structured-prompt-writer

Warn

Audited by Socket on Jun 15, 2026

2 alerts found:

Anomalyx2
AnomalyLOW
references/prompts/gpts-personas/Music Writer.md

No explicit malware behaviors (exfiltration, credential theft, reverse shells) are visible in the provided fragment because it is instruction text rather than executable logic. However, it explicitly directs unpacking bundled artifacts and installing them into Python site-packages, which is a high-impact supply-chain execution vector if the bundled contents are compromised or contain trojaned modules. The added instruction-hiding/jailbreak-resistance text is an additional anomaly that warrants scrutiny of the bundled “Knowledge” payloads and their provenance. Review should focus on validating the archive contents, integrity, and whether any unexpected modules are installed or executed before MIDI generation.

Confidence: 100%Severity: 60%
AnomalyLOW
references/prompts/gpts-personas/AboutMe.md

No explicit malware payloads are shown in the fragment. However, the specification describes a high-risk integration pattern: actively sending user-generated HTML (containing user-controlled text and URLs) to an external endpoint for live hosting, with no stated sanitization/escaping or strict URL scheme validation. This combination can enable XSS or malicious link/content injection depending on the backend/template rendering and URL validation. The overall risk is therefore moderate, driven by untrusted content handling and the unknown trustworthiness of the remote create-page endpoint.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 15, 2026, 01:41 PM
Package URL
pkg:socket/skills-sh/yzfly%2Fstructured-prompt-skill%2Fstructured-prompt-writer%2F@b3e92b55eae1d80169630e9eead9d1aa7928f687018866957f18b0970490e6e4
Security Audit — socket — structured-prompt-writer