phantom-frida
Fail
Audited by Snyk on Apr 8, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). The URL points to an unvetted GitHub repository (TheQmaks/phantom-frida) that provides tooling to build modified Frida servers with explicit anti-detection features. That is a dual-use capability: it is commonly used to evade security controls, and the skill would be building and running executables from an unknown author's code, so the URL represents a high-risk download source.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content automates building and deploying modified Frida servers with explicit anti-detection and binary-cleaning techniques (string obfuscation, SELinux label changes, disabling libc hooks, syscall/stack/frame modifications, randomized name/port) and provides deployment commands, effectively enabling stealthy remote code execution/backdoor access on Android and intentional evasion of detection.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs the agent to clone and execute code from a public GitHub repository (git clone https://github.com/TheQmaks/phantom-frida.git) and to run scripts that fetch the latest release data from the public GitHub API (scripts/get-latest-version.sh). Neither the clone nor the release lookup is pinned to a reviewed version, so untrusted third-party content is ingested at runtime and a new commit or release can materially change build/tooling behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly clones https://github.com/TheQmaks/phantom-frida.git at runtime and then runs its build scripts (e.g., python3 build.py), so whatever remote code the clone returns at that moment is executed and directly controls the agent's behavior; there is no commit hash or checksum the agent could verify before running it.
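The check a reviewer would ask for in response to W011 and W012 is to stop executing whatever the clone and the "latest release" lookup happen to return, and instead pin a release tag and an asset SHA-256 recorded out of band by a human who reviewed the release, refusing to build or deploy unless both match. The block below is an added example and is not code from the Snyk report or from the phantom-frida project; the release JSON, the asset bytes, the tag names, and the gate_build/select_pinned_release helpers are all constructed or hypothetical so that it runs offline.

```python
"""Added example; not code from the Snyk report or the phantom-frida project.

Pin a release tag and an asset SHA-256 out of band, then gate the build step
on both matching. The release listing and asset bytes are constructed
stand-ins (not real data); helper names are hypothetical.
"""
import hashlib
import hmac
import json

# Constructed stand-in for a GitHub /releases listing (not real data).
CONSTRUCTED_RELEASES = json.dumps([
    {"tag_name": "v1.2.3", "assets": [{"name": "server-arm64.xz"}]},
    {"tag_name": "v1.2.2", "assets": [{"name": "server-arm64.xz"}]},
])

# Constructed stand-in for a downloaded release asset (not a real binary).
CONSTRUCTED_ASSET = b"constructed stand-in for a release asset\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an in-memory asset."""
    return hashlib.sha256(data).hexdigest()


def select_pinned_release(releases_json: str, pinned_tag: str) -> dict:
    """Return the release whose tag_name equals the operator's pin.

    The entry the API currently ranks as "latest" is deliberately ignored:
    a new upstream release must not silently change what gets built.
    """
    for rel in json.loads(releases_json):
        if rel.get("tag_name") == pinned_tag:
            return rel
    raise ValueError(f"pinned tag {pinned_tag!r} not found in release list")


def verify_asset(asset_bytes: bytes, pinned_sha256: str) -> bool:
    """Compare the asset digest to the recorded pin in constant time."""
    return hmac.compare_digest(sha256_hex(asset_bytes), pinned_sha256.lower())


def gate_build(releases_json: str, asset_bytes: bytes,
               pinned_tag: str, pinned_sha256: str) -> tuple:
    """Decide whether the build step may run.

    Returns ("ok", tag) when both pins match and ("rejected", reason)
    otherwise. Nothing is executed here; a caller would run build.py only
    on "ok".
    """
    try:
        rel = select_pinned_release(releases_json, pinned_tag)
    except ValueError as exc:
        return ("rejected", str(exc))
    if not verify_asset(asset_bytes, pinned_sha256):
        return ("rejected", "asset SHA-256 does not match the recorded pin")
    return ("ok", rel["tag_name"])


if __name__ == "__main__":
    # A human records the pin once, after reviewing the release by hand.
    pin = sha256_hex(CONSTRUCTED_ASSET)
    print(gate_build(CONSTRUCTED_RELEASES, CONSTRUCTED_ASSET, "v1.2.2", pin))
    # A tampered or substituted asset is refused even though the tag matches.
    print(gate_build(CONSTRUCTED_RELEASES, CONSTRUCTED_ASSET + b"\x00", "v1.2.2", pin))
    # A tag that is absent upstream (removed or never published) is refused too.
    print(gate_build(CONSTRUCTED_RELEASES, CONSTRUCTED_ASSET, "v9.9.9", pin))
```

The same discipline applies to the git clone itself: record the commit hash of the reviewed checkout and compare it against `git rev-parse HEAD` before invoking build.py. A pin only helps if it is recorded from a source the agent does not fetch at runtime; reading the "expected" digest from the same repository or API that supplies the code adds nothing.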
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run commands under sudo (sudo apt-get install, sudo chown) and guides it through building and deploying modified Frida binaries with system-level changes. Taken together, the instructions ask the agent to obtain elevated privileges and alter the state of the host machine, not only the target device.
Issues (5)
E005 CRITICAL: Suspicious download URL detected in skill instructions.
E006 CRITICAL: Malicious code pattern detected in skill scripts.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata