antislop
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's "Pattern Refresh Protocol" in SKILL.md explicitly instructs the agent to fetch and parse public Wikipedia pages (via Gemini CLI or curl to https://en.wikipedia.org/wiki/Wikipedia:Signs_of_AI_writing and https://en.wikipedia.org/wiki/Wikipedia:WikiProject_AI_Cleanup) and then ingest those user-editable pages to update detection rules, allowing untrusted third-party content to change the agent's behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's "Pattern Refresh Protocol" instructs running the Gemini CLI and curl commands at runtime to fetch and parse remote pages (e.g. https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:Signs_of_AI_writing&prop=wikitext&format=json and https://en.wikipedia.org/w/api.php?action=parse&page=Wikipedia:WikiProject_AI_Cleanup&prop=wikitext&format=json, and the gemini "Fetch these two pages..." command), and that fetched content is used to update detection patterns that directly control the agent's prompts/behavior.
Audit Metadata