research-pipeline
Warn
Audited by Snyk on Apr 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The pipeline's /research-lit step (ARXIV_DOWNLOAD=true) explicitly downloads and ingests arXiv PDFs — public, third-party documents — as part of the idea-discovery/literature survey, so external untrusted content is read and can influence idea selection and subsequent autonomous actions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill directs the agent to autonomously modify the repository and system state (write files, retry via Bash redirects, sync code to remote servers, launch screen sessions and experiments) without requiring explicit user permission in some cases, which meaningfully risks changing the machine state even though it does not request sudo, edit system configs, or create users.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.