cli/lark-calendar larksuite | | The skill permits arbitrary code execution and command injection via system | 7.9k | 57.2k | 6 | 100Critical |
cli/lark-shared larksuite | | The skill uses prompt injection to execute arbitrary commands like | 7.9k | 57.1k | 3 | 100Critical |
cli/lark-mail larksuite | | This email skill is vulnerable to prompt injection | 7.9k | 57.1k | 8 | 100Critical |
cli/lark-whiteboard larksuite | | The skill allows prompt injection, executes host commands via ` | 7.9k | 56.9k | 6 | 100Critical |
mx-finance-search financial-ai-analyst | | The financial-ai-analyst skill is vulnerable to | 57 | 14.2k | 3 | 100Critical |
university-applications wscats | | The skill is vulnerable to prompt and command | 9 | 11.9k | 7 | 100Critical |
qq-zone-photo wscats | | This skill is vulnerable to prompt | 3 | 11.4k | 3 | 40Medium |
weiyun-skills wscats | | This skill is vulnerable to prompt | 3 | 11.3k | 5 | 100Critical |
awesome-copilot/breakdown-feature-implementation github | | Instruction boundary manipulation and path traversal vulnerability allow | 29.9k | 8.4k | 2 | 70High |
industry-research-report financial-ai-analyst | | This skill is highly vulnerable to command injection and prompt injection | 3 | 7.0k | 11 | 100Critical |
beauty-generation-api luruibu | | The skill harvests user PII via an unverified domain | 12 | 5.8k | 9 | 100Critical |
stock-price-query tjefferson | | The stock price query skill is vulnerable to prompt injection, | 18 | 4.6k | 1 | 100Critical |
xiaohongshu-all-in-one richardx0319 | | The skill executes arbitrary commands, accesses user files, | 6 | 4.2k | 8 | 100Critical |
tencent-cos-skill shawnminh | | The skill is vulnerable to prompt and command injection, allowing | 4 | 3.7k | 7 | 100Critical |
venice-ai jonisjongithub | | The skill is vulnerable to command injection and prompt injection | 3 | 2.7k | 5 | 100Critical |
cuecue-deep-research xfgong | | This research skill allows prompt injection, arbitrary file writes | 2 | 2.6k | 5 | 100Critical |
libtv-skill haofanwang | | This skill enables prompt injection against downstream AI, | 4 | 2.4k | 6 | 100Critical |
edgeone-clawscan aigsec | | The skill uses prompt injection and social | 114 | 2.2k | 8 | 100Critical |
attribution-engine otherpowers | | The skill is vulnerable to prompt | 1 | 2.1k | 2 | 100Critical |
tencent-cloud-cos shawnminh | | This skill is highly vulnerable to command injection and prompt injection | 0 | 1.9k | 5 | 100Critical |
x-publisher manifoldor | | The x-publisher skill is vulnerable to | 4 | 1.8k | 3 | 70High |
baidu-ecommerce-search crossallen | | The skill is vulnerable to prompt injection and shell | 2 | 1.7k | 4 | 100Critical |
libtv-skills 316530790 | | This skill is vulnerable to prompt | 3 | 1.6k | 2 | 100Critical |
eastmoney-fin-data qqk000 | | The skill is vulnerable to prompt injection and path traversal, risking arbitrary file creation and persistence. | 8 | 1.5k | 2 | 40Medium |
tencentcloud-cos-skills shawnminh | | The skill is vulnerable to arbitrary | 0 | 1.5k | 7 | 100Critical |
taobao-image-search lazygunner | | The skill is vulnerable to prompt injection and persistently stores sensitive user credentials locally, risking exfiltration by other processes. | 4 | 1.4k | 2 | 100Critical |
feishu-project-connector wadxm | | This skill is vulnerable to prompt and command injection, ex | 1 | 1.4k | 5 | 100Critical |
word ivangdavila | | Vulnerable to prompt injection, the | 1 | 1.3k | 5 | 100Critical |
jimeng-image-gen ken0521 | | This image generation skill is highly vulnerable to prompt, | 4 | 1.2k | 5 | 70High |
pdf-to-word zhao1263445468 | | This PDF-to-Word skill is vulnerable to prompt | 1 | 1.1k | 4 | 100Critical |
moss-trade-bot-factory fei-moss | | This trading bot skill is vulnerable to prompt injection, | 3 | 1.1k | 5 | 100Critical |
openclaw-wechat-mp-guide yang1002378395-cmyk | | The skill is vulnerable to prompt injection, allowing attackers to manipulate its behavior. | 1 | 1.0k | 1 | 100Critical |
openclaw-api-tester theshadowrose | | The API tester skill is vulnerable to | 0 | 1.0k | 2 | 100Critical |
stanley-druckenmiller-workflow luckycatl | | The skill is vulnerable to prompt injection and can | 2 | 958 | 2 | 100Critical |
baidu-netdisk-storage may-yaha | | The skill is highly vulnerable to prompt injection and arbitrary | 2 | 940 | 13 | 100Critical |
productivity-skill yewubin-jpg | | This skill is vulnerable to prompt injection | 2 | 914 | 12 | 100Critical |
github-copilot-for-azure/azure-quotas microsoft | | The Azure Quotas skill is vulnerable to | 186 | 445 | 1 | 40Medium |
tencent-agent-storage shawnminh | | This skill is vulnerable to prompt injection, can exfiltr | 0 | 274 | 5 | 100Critical |
agent-memory-wisdom 384961890-ui | | This skill is a design specification that, if implemented | 3 | 259 | 5 | 100Critical |
vipshop-skills viphgta | | The skill is vulnerable to prompt injection, stores | 6 | 227 | 6 | 100Critical |
culturetour-skill fengyily | | The skill is vulnerable to prompt injection, bypass | 0 | 158 | 6 | 100Critical |
showmethemoney-pro bubblevan | | This skill enables an attacker- | 0 | 124 | 12 | 100Critical |
noah-stock-market xuyun9160-lgtm | | The skill is vulnerable to prompt injection, exposes internal | 0 | 122 | 6 | 100Critical |
q-erp ljqdh | | The skill is vulnerable to prompt injection | 1 | 114 | 4 | 100Critical |
tun-zei lt8899789 | | The skill is vulnerable to prompt injection and can cause | 0 | 90 | 4 | 70High |
book-companion ai-innopower | | The skill is vulnerable to prompt injection, | 0 | 84 | 4 | 100Critical |
today-task-for-xiaoyi-claw ganhaiyang3 | | The skill exfiltrates sensitive API keys and user | 0 | 81 | 12 | 100Critical |
todo4-onboard panitw | | This skill is highly vulnerable to command injection, ex | 0 | 77 | 15 | 100Critical |
