autocli
Fail
Audited by Snyk on Apr 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Suspicious: the prompt instructs piping a raw install.sh from raw.githubusercontent.com (and a GitHub repo of unknown trustworthiness) directly to sh—a direct remote-code-execution vector—while the X status URL is just a benign reference; this combination makes the download/install step high risk unless you manually inspect the repo and script and verify the maintainer.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and scrape live, user-generated content from many public third-party sites (e.g., SKILL.md and README.md show commands like "autocli reddit read --url <post_url>", "autocli twitter timeline", "autocli youtube search", and the YAML/browser_evaluate adapter workflow for arbitrary URLs), so untrusted web content will be read and can influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to install a required dependency by running remote shell code via curl -fsSL https://raw.githubusercontent.com/nashsu/AutoCLI/main/scripts/install.sh | sh, which fetches and executes remote code that the skill depends on.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata