Skills
skills/danielmiessler/personal_ai_infrastructure/Interceptor/Snyk

Interceptor

Fail

Audited by Snyk on May 2, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). example.com is benign, but the skill forces a silent curl to a local endpoint and links to an unfamiliar GitHub repo that instructs building/running local binaries and install scripts — these are supply‑chain and local‑execution vectors that are high risk unless the repo and scripts are fully audited.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill contains deliberate, high-risk backdoor-capability design choices (an unauthenticated UNIX socket bridge that inherits macOS TCC permissions and is world-accessible by default, persistent LaunchAgent install, powerful monitoring/exporting of user actions and network bodies, JS eval and network override features) that enable local credential/token capture, clipboard/screen/audio access, OS-level input control, and easy exfiltration by any local or supply‑chain compromised process.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and reads arbitrary external webpages (e.g., "interceptor open "<BUG_URL>"" in Workflows/Reproduce.md and "interceptor open "<DEPLOY_URL>"" in Workflows/VerifyDeploy.md) and uses commands that extract and act on page text/console/network outputs (e.g., interceptor read, interceptor eval, interceptor net log) as required steps, so untrusted third-party page content can directly influence subsequent tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's Update workflow explicitly pulls and resets the local project from the upstream git repo (https://github.com/Hacker-Valley-Media/slop-browser) and then runs dependency installs and build scripts (git fetch/reset, bun install, bash scripts/build.sh), which fetch and execute upstream code at runtime—creating a clear supply-chain remote-code execution dependency on that URL.

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 2, 2026, 01:03 AM
Issues
4