command-syringe
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains a curl ... | bash pipeline pointing to an external GitHub raw URL, which enables remote code execution and a supply‑chain/backdoor vector (high risk of arbitrary/hidden malicious payloads and possible data exfiltration or persistence).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The included my-script.sh explicitly fetches and pipes code from a public URL (https://raw.githubusercontent.com/jitha-afk/projectscourgewizard/main/index.html) into bash, meaning the skill pulls and executes untrusted third-party content that could alter behavior or inject instructions.
Issues (2)
E006 (CRITICAL): Malicious code pattern detected in skill scripts.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).