content-security-scan
Automates a 7-step security scan for external content, ensuring safety against supply-chain attacks and prompt injections.
Install this skill
or
52/100
Security score
The content-security-scan skill was audited on May 12, 2026 and we found 8 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
medium line 286
Template literal with variable interpolation in command context
SourceSKILL.md
| 286 | args: `"${fetchedContent}" "${sourceUrl}"`, |
medium line 59
Access to .env file
SourceSKILL.md
| 59 | - EXFILTRATION SCAN: Detect curl/wget/fetch to non-github.com domains, process.env access, readFile + HTTP combos |
medium line 176
Access to .env file
SourceSKILL.md
| 176 | | Outbound HTTP with local data | `fetch`/`curl`/`wget` + `readFile`/`process.env` in same context | |
medium line 178
Access to .env file
SourceSKILL.md
| 178 | | process.env access | `process.env.` in non-example context | |
low line 184
Access to .env file
SourceSKILL.md
| 184 | reason: Exfiltrate local secrets, .env files, agent context to attacker server |
critical line 157
Prompt injection: ignore instructions
SourceSKILL.md
| 157 | | Instruction override | "ignore previous instructions", "disregard all rules", "forget your constraints" | |
low line 307
External URL reference
SourceSKILL.md
| 307 | --source-url "https://..." \ |
low line 316
External URL reference
SourceSKILL.md
| 316 | "source_url": "https://...", |
Scanned on May 12, 2026
View Security Dashboard