wpsnote-skills/image-gen wpsnote | | The skill is vulnerable to prompt injection, exposes API | 130 | 9 | 4 | 100Critical |
ai/island-rescue vercel | | Disguised as a guide, this | 24.0k | 4 | 4 | 100Critical |
nighteagle/nighteagle-debugging tboydar | | This skill uses prompt injection to grant the agent broad | 0 | – | 4 | 100Critical |
skills/test2 roin-orca | | The skill attempts prompt injection and contains numerous | 6 | 1 | 15 | 100Critical |
skills/test-xss roin-orca | | This skill is a malicious XSS attack tool containing numerous | 6 | 1 | 15 | 100Critical |
claude-code-plugins/issue-branch-pr-create shiiman | | The skill is vulnerable to prompt injection and arbitrary command execution | 4 | – | 5 | 100Critical |
khala/kcl-read orochi-network | | The skill allows arbitrary file reading and uses K | 0 | – | 13 | 100Critical |
pr-copilot/pr-copilot yuki777 | | The skill uses unsanitized GitHub | 0 | – | 15 | 100Critical |
superpowers/using-superpowers obra | | This skill uses prompt injection and extreme | 180.1k | 83.3k | 9 | 100Critical |
create-master xr843 | | This skill is highly vulnerable to prompt, command, and | 243 | – | 7 | 100Critical |
k-skill/kakaotalk-mac nomadamas | | This messaging skill performs unauthorized credential harvesting, stores | 4.5k | 1.7k | 14 | 100Critical |
skills/infocard markdown-viewer | | The skill enables client-side code injection | 2.4k | 1.5k | 3 | 100Critical |
cli/lark-whiteboard larksuite | | The skill allows prompt injection, executes host commands via ` | 9.3k | 91.5k | 6 | 100Critical |
ctf-skills/ctf-ai-ml ljagiello | | This skill is designed for offensive AI/ML | 1.9k | 1.9k | 5 | 100Critical |
cli/lark-shared larksuite | | The skill uses prompt injection to execute arbitrary commands like | 9.3k | 91.6k | 3 | 100Critical |
cli/lark-calendar larksuite | | The skill permits arbitrary code execution and command injection via system | 9.3k | 91.9k | 6 | 100Critical |
cli/lark-base larksuite | | The skill is vulnerable to prompt injection, enabling | 9.3k | 92.2k | 8 | 100Critical |
cli/lark-mail larksuite | | This email skill is vulnerable to prompt injection | 9.3k | 91.6k | 8 | 100Critical |
skills-benchmarks/langchain-fundamentals langchain-ai | | The skill allows arbitrary code execution via ` | 95 | 21 | 4 | 100Critical |
skills-benchmarks/deep-agents-orchestration langchain-ai | | The skill is vulnerable to prompt injection and allows creating sub | 95 | 18 | 6 | 100Critical |
caveman/caveman juliusbrussee | | This skill is vulnerable to prompt injection | 54.9k | 111.4k | 3 | 100Critical |
langchain-skills/deep-agents-orchestration langchain-ai | | The skill is highly vulnerable to prompt injection, | 655 | 27 | 5 | 100Critical |
wp-workflows/aibdd-form-activity j7-dev | | This skill is vulnerable to prompt injection and allows | 0 | – | 4 | 100Critical |
claude-skills-archive/elevenlabs-agents evolv3ai | | The skill enables agents to access sensitive data sources, | 0 | 1 | 9 | 100Critical |
wordpress-activitypub/pr automattic | | The skill is vulnerable to prompt injection by dynamically | 568 | 64 | 3 | 100Critical |
crabshell/investigating ZipperBagCoffee | | This skill is vulnerable to prompt injection, allows | 1 | – | 7 | 100Critical |
kairos-ai/evoluir VilelaAI | | This skill allows arbitrary command execution and autonomously modifies | 3 | – | 15 | 100Critical |
claude-handoff/handoff 392fyc | | This skill is vulnerable to prompt and command injection, | 1 | – | 5 | 100Critical |
vibbit-skills zgissing | | The skill is vulnerable to prompt | 0 | 141 | 4 | 100Critical |
super-train zhangxchao | | The skill is vulnerable to prompt injection, | 2 | 203 | 4 | 100Critical |
pdf-to-word zhao1263445468 | | This PDF-to-Word skill is vulnerable to prompt | 1 | 1.1k | 4 | 100Critical |
goverment-bidding-fetcher zhangpengle | | The skill is vulnerable to prompt injection and insecurely handles authentication tokens, risking credential exposure via command-line arguments. | 0 | 214 | 2 | 100Critical |
alipay-open-platform-keys zhangke091 | | The skill is vulnerable to prompt injection and executes unverified external scripts and instructions, risking arbitrary code execution and private key exposure. | 1 | 80 | 7 | 100Critical |
config-new-agent ywewanhuang | | This skill installs unverified external skills as root, creating | 0 | 125 | 12 | 100Critical |
captcha-suite yuxiaowu3000 | | This skill is designed to bypass | 0 | 179 | 11 | 100Critical |
tencent-drive-mcp yun-percy | | This skill is highly malicious, enabling prompt | 0 | 175 | 10 | 100Critical |
productivity-skill yewubin-jpg | | This skill is vulnerable to prompt injection | 2 | 914 | 12 | 100Critical |
musashi yeheskieltame | | This skill is highly vulnerable to prompt injection and command injection | 0 | 107 | 14 | 100Critical |
solid-execution yangyunxiao-ai | | This skill uses prompt injection and authoritative language | 0 | 79 | 13 | 100Critical |
openclaw-wechat-mp-guide yang1002378395-cmyk | | The skill is vulnerable to prompt injection, allowing attackers to manipulate its behavior. | 1 | 1.0k | 1 | 100Critical |
pm-requirement-flow yiguoguo | | This skill is vulnerable to prompt and command | 0 | 92 | 8 | 100Critical |
oasis-audio yuanyxu | | The skill is vulnerable to shell injection, ex | 2 | 205 | 16 | 100Critical |
turing-shikuan-demo xyyyyyaa | | The skill is vulnerable to prompt injection and uses an insecure 'test' endpoint for its external Micro-Capability Provider. | 0 | 56 | 2 | 100Critical |
noah-stock-market xuyun9160-lgtm | | The skill is vulnerable to prompt injection, exposes internal | 0 | 122 | 6 | 100Critical |
some-test-skill-private xingyeyouran | | This skill installs an unverified NPM package that can ex | 0 | 157 | 17 | 100Critical |
ai-stock-insider xujianbo0426 | | The skill executes user-controlled commands, allowing arbitrary code | 0 | 43 | 8 | 100Critical |
change-safeguard weidongkl | | This global skill is vulnerable to prompt and command injection via | 0 | 47 | 5 | 100Critical |
hook-system xhmqq616 | | This skill allows arbitrary code execution via hooks that intercept, | 0 | 89 | 13 | 100Critical |
