weread-skills

Warn

Audited by Snyk on May 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes public, user-generated content from WeRead endpoints (e.g., /review/list, /book/bestbookmarks, /book/readreviews) and its workflow (see notes.md and review.md) requires the agent to read and act on those fields (and even follow server-provided upgrade_info.message), so untrusted third‑party content can materially influence subsequent tool calls and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to the gateway URL https://i.weread.qq.com/api/agent/gateway and explicitly requires honoring any returned upgrade_info.message (pausing operations and following its instructions), which means remote response content can directly control agent behavior at runtime.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 27, 2026, 06:19 AM
Issues
2
Security Audit — snyk — weread-skills