research-writing-assistant
Warn
Audited by Snyk on May 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to search and ingest open/public literature and metadata (e.g., "英文文献可通过网络搜索获取" and "AI可搜索" with Google Scholar/PubMed/arXiv in modules/literature-review.md, and to call CrossRef/OpenAlex APIs in modules/workflow-lifecycle.md / SKILL.md), so the agent is expected to fetch and interpret untrusted third‑party web content that can materially affect citations and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The environment-setup skill explicitly downloads and executes Miniconda installers at runtime from URLs such as https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-x86_64.sh and https://repo.anaconda.com/miniconda/Miniconda3-latest-Windows-x86_64.exe, which fetches remote executables and runs them, meeting the criteria for a runtime external dependency that executes remote code.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata