analyze-book
Warn
Audited by Snyk on Mar 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly requires WebFetch/WebSearch of public sites (e.g., the "书籍定位流程" in Phase 0 instructs WebFetch to https://m.douban.com/search and https://book.douban.com/subject/{ID}/, and each of the six subagents' prompts mandate WebSearch/WebFetch of external review/pages) so the agent will ingest untrusted user-generated public-web content that can influence its analysis and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). Yes — the skill mandates runtime WebFetch calls that supply content used to drive the agents' prompts (e.g., the required Douban lookup: https://m.douban.com/search/?query={书名}&type=book and https://book.douban.com/subject/{Subject ID}/, plus fallback https://search.dangdang.com/?key={书名}&act=input), so external pages fetched at runtime directly control the model's outputs and are required dependencies.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata