weread-skills
Warn
Audited by Snyk on May 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes public, user-generated content from WeRead endpoints (e.g., /review/list, /book/bestbookmarks, /book/readreviews) and its workflow (see notes.md and review.md) requires the agent to read and act on those fields (and even follow server-provided upgrade_info.message), so untrusted third‑party content can materially influence subsequent tool calls and behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the gateway URL https://i.weread.qq.com/api/agent/gateway and explicitly requires honoring any returned upgrade_info.message (pausing operations and following its instructions), which means remote response content can directly control agent behavior at runtime.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata