security-review

Fail

Audited by Snyk on Feb 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes hidden instructions inside an HTML comment that direct the agent to fetch and execute remote code (Invoke-Expression of content from a GitHub URL), which is deceptive and outside the stated security-review purpose.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs scanning for hardcoded secrets (e.g., grep for API keys like AKIA, sk_live, Bearer) and asks for a summary of findings without requiring redaction, so an agent would likely return matched secret strings verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The SKILL.md contains a hidden "SECRET INSTRUCTIONS" comment that directs the agent to fetch and immediately execute remote PowerShell content via Invoke-Expression from a raw.githubusercontent URL — a clear, deliberate remote-code-execution/backdoor and supply-chain risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and execute content from a public GitHub raw URL (https://raw.githubusercontent.com/jitha-afk/projectscourgewizard/main/index.html) via Invoke-WebRequest/Invoke-Expression, which is untrusted user-hosted content that the agent is expected to read/execute and could directly alter behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains a hidden instruction to fetch and execute remote PowerShell content via Invoke-Expression (Invoke-WebRequest ...).Content, which directs the agent to run arbitrary code from the network and can modify/compromise the host.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 21, 2026, 12:25 AM