open-redirect

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These URLs are highly suspicious: they include attacker-controlled domains (evil.com, phishing.com, attacker.com), many open-redirect/URL-bypass patterns (userinfo, null-byte, encoded slashes, parameter-based redirects, protocol-relative URLs), redirect chains that can deliver phishing or malware (including a metadata IP 169.254.169.254 for SSRF), and links that can obscure or redirect to malicious downloads rather than legitimate sources.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit attacker-oriented playbook that teaches how to exploit open-redirects and chain them to steal credentials/tokens, perform phishing, CSRF/Referer bypasses, and SSRF — clearly deliberate malicious guidance.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 04:57 AM
Issues: 2