techguide
Fail
Audited by Snyk on Mar 7, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt includes an explicit command that retrieves and writes a GitHub auth token into ~/.git-credentials (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" ...) to enable a push — an instruction that requests access to and storage of secrets in a way that can exfiltrate credentials and is outside the pure content-generation scope.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly builds and echoes a credentials URL containing a GitHub auth token (echo "https://GGPrompts:$(gh auth token --user GGPrompts)@github.com" > ~/.git-credentials), which is an insecure pattern that requires capturing and embedding a secret token into command output/requests.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content is largely a benign automation spec for building docs but includes an explicit, high-risk credential-handling command that retrieves a GitHub auth token and writes it in plaintext to ~/.git-credentials (via gh auth token and git credential.helper store), which enables credential theft or unauthorized persistent repo access and therefore represents a deliberate malicious/abusive capability risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Phase 1 explicitly instructs launching subagents that use WebSearch (and context7 MCP calls) to fetch public web documentation and "current best practices", which the agents must read and summarize, so the skill ingests untrusted third-party web content that could contain indirect prompt injections.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs agents to modify repo and index files and, critically, to store a GitHub token in plaintext (~/.git-credentials) and set a global git credential helper, which persistently alters user configuration and exposes credentials, so it pushes the agent to compromise the machine's state.
Audit Metadata