anygen
Fail
Audited by Snyk on Mar 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt contains explicit instructions to spawn background monitoring and to hide that activity and any technical identifiers from users (e.g., "Do NOT announce this to the user", "Do NOT tell the user you launched it", strip system prefixes), which are deceptive/hidden behaviors outside the transparent content-generation purpose.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and permits embedding API keys in CLI commands (e.g., config set api_key "sk-xxx" and --api-key) and requires filling sensitive placeholders (task_id/task_url) into generated monitoring commands, which forces the agent to include secret/token values verbatim in its outputs/requests.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill routinely fetches and acts on content from the AnyGen service: requests to https://www.anygen.io, including the prepare API, which returns suggested_task_params, plus task outputs like task_url/file_url/thumbnail_url. The diagram renderer also loads remote libraries (e.g., viewer.diagrams.net and esm.sh). The workflow explicitly requires the assistant to read and use those third-party replies to drive task creation and background monitoring, so untrusted, externally generated content can materially influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's diagram renderer loads and executes remote JavaScript at runtime (excalidraw via https://esm.sh/@excalidraw/excalidraw@0.18.0?bundle-deps&no-dts and the DrawIO viewer via https://viewer.diagrams.net/js/viewer-static.min.js), so external content fetched during execution runs code that the skill relies on to render diagrams.
Audit Metadata