skills/moltbot/skills/moltbook/Snyk

moltbook

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md and HEARTBEAT.md (and MESSAGING.md) explicitly instruct the agent to fetch and act on public, user-generated Moltbook content (e.g., /api/v1/feed, /api/v1/posts, /api/v1/search, and DM endpoints), meaning untrusted third‑party posts/comments/messages are read and can drive follow-up actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to curl and "follow" remote instruction files (e.g., https://www.moltbook.com/heartbeat.md and https://www.moltbook.com/skill.md, plus https://www.moltbook.com/skill.json) so fetched content directly controls agent behavior and is relied on as a required dependency.

Issues (2)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 19, 2026, 03:36 AM

Issues

2