Skills
skills/mukul975/anthropic-cybersecurity-skills/performing-ransomware-response/Snyk

performing-ransomware-response

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (Step 1: "Detect and Confirm Ransomware") and the API reference explicitly direct the agent to upload ransom notes/samples to public sites (ID Ransomware) and check NoMoreRansom.org—ingesting untrusted, attacker- or user-generated third-party content whose identification/decryptor results are used to drive containment and recovery decisions, so it could enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The playbook instructs privileged, state-changing operations (isolating networks, disabling accounts, rebuilding domain controllers, resetting passwords, restoring backups) that modify system configuration and would require elevated privileges, so it encourages actions that can compromise the machine state.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 01:52 PM
Issues
2