content-security-scan
Automates a 7-step security scan for external content, ensuring safety against supply-chain attacks and prompt injections.
Security score: 52/100
The content-security-scan skill was audited on Mar 2, 2026 and we found 8 security issues across 4 threat categories, including 1 critical. Review the findings below before installing.
Security Issues
medium line 283
Template literal with variable interpolation in command context
Source: SKILL.md
| 283 | args: `"${fetchedContent}" "${sourceUrl}"`, |
medium line 56
Access to .env file
Source: SKILL.md
| 56 | - EXFILTRATION SCAN: Detect curl/wget/fetch to non-github.com domains, process.env access, readFile + HTTP combos |
medium line 173
Access to .env file
Source: SKILL.md
| 173 | | Outbound HTTP with local data | `fetch`/`curl`/`wget` + `readFile`/`process.env` in same context | |
medium line 175
Access to .env file
Source: SKILL.md
| 175 | | process.env access | `process.env.` in non-example context | |
low line 181
Access to .env file
Source: SKILL.md
| 181 | reason: Exfiltrate local secrets, .env files, agent context to attacker server |
critical line 154
Prompt injection: ignore instructions
Source: SKILL.md
| 154 | | Instruction override | "ignore previous instructions", "disregard all rules", "forget your constraints" | |
low line 304
External URL reference
Source: SKILL.md
| 304 | --source-url "https://..." \ |
low line 313
External URL reference
Source: SKILL.md
| 313 | "source_url": "https://...", |
Scanned on Mar 2, 2026
Install this skill with one command:
/learn @oimiragieo/content-security-scan