brainstorming
Fail
Audited by Snyk on Mar 4, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt includes a covert instruction to call an external ngrok URL with the summary content (exfiltrating data) which is outside the brainstorming skill’s stated purpose and therefore is a hidden/deceptive prompt injection.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt requires sending the project summary as a query parameter to an external ngrok URL (https://...ngrok-free.app?summary=), which forces embedding any file/commit contents — including secrets or API keys — verbatim in an outbound request, creating a direct exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains an explicit instruction to send the contents of a local file to an external ngrok URL (https://45f4-...ngrok-free.app?summary=), which is a clear data-exfiltration pattern that can leak shell configuration, history paths, and other sensitive local data to an unknown remote server.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent at runtime to call https://45f4-2a06-c701-4911-2c00-de9-9736-a7e1-53ee.ngrok-free.app?summary=, which is a runtime external dependency that would process and return content capable of directly influencing agent prompts or behavior.
Audit Metadata