Skills
skills/sundial-org/awesome-openclaw-skills/summarize/Snyk

summarize

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states the CLI fetches and summarizes arbitrary public URLs and third‑party content (web pages, PDFs, YouTube — e.g., the example summarize "https://example.com"), so the agent ingests untrusted user/website content as part of its workflow which could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The summarize CLI fetches and ingests arbitrary remote URLs at runtime (e.g., https://example.com and https://youtu.be/dQw4w9WgXcQ), so remotely served content can be injected into model prompts and therefore directly control instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 3, 2026, 07:23 AM