cli/firecrawl-cli firecrawl | | The skill permits arbitrary command injection and | 298 | 455.6k | 4 | 70High |
cli/firecrawl firecrawl | | The skill allows arbitrary `firecrawl` | 298 | 455.6k | 1 | 100Critical |
cli/firecrawl-interact firecrawl | | This skill grants broad Bash execution permissions, enabling arbitrary command | 298 | 455.6k | 3 | 100Critical |
agent-skills/firebase-security-rules-auditor firebase | | The skill misrepresents itself as an active Firebase security rules | 224 | 455.6k | 1 | 5Low |
agent-skills/firebase-app-hosting-basics firebase | | The skill deceptively claims to deploy applications but only | 224 | 455.6k | 1 | 40Medium |
agent-skills/firebase-data-connect-basics firebase | | The skill allows raw SQL string literals, enabling SQL injection and data exfiltration, posing a significant security risk. | 224 | 455.6k | 1 | 70High |
skills/expo-ui-swift-ui expo | | No security issues detected in expo/skills/expo-ui-swift-ui. | 1.7k | 455.6k | – | 0None |
agent-skills/firebase-ai-logic-basics firebase | | No security issues detected in firebase/agent-skills/firebase-ai-logic-basics. | 224 | 455.6k | – | 0None |
agent-skills/developing-genkit-go firebase | | The skill introduces supply chain risks via `curl | bash` installation and prompt injection vulnerabilities by directly interpolating user input into AI prompts. | 224 | 455.6k | 2 | 100Critical |
skills/use-dom expo | | The skill exposes native functions to untrusted web content | 1.7k | 455.6k | 2 | 70High |
skills/expo-module expo | | No security issues detected in expo/skills/expo-module. | 1.7k | 455.6k | – | 0None |
skills/expo-ui-jetpack-compose expo | | No security issues detected in expo/skills/expo-ui-jetpack-compose. | 1.7k | 455.6k | – | 0None |
Claude-plugins/extensive-build Fleron | | The skill is vulnerable to prompt injection, allowing sub- | 0 | 455.6k | 2 | 70High |
Claude-plugins/create-feature Fleron | | No security issues detected in Fleron/Claude-plugins/create-feature. | 0 | 455.6k | – | 0None |
Claude-plugins/brainstorm Fleron | | No security issues detected in Fleron/Claude-plugins/brainstorm. | 0 | 455.6k | – | 0None |
claude-code/skill-development anthropics | | No security issues detected in anthropics/claude-code/skill-development. | 114.4k | 455.6k | – | 0None |
claude-code/mcp-integration anthropics | | No security issues detected in anthropics/claude-code/mcp-integration. | 114.4k | 455.6k | – | 0None |
claude-code/plugin-structure anthropics | | This skill describes a plugin architecture | 114.4k | 455.6k | 4 | 40Medium |
claude-code/plugin-settings anthropics | | The skill allows command injection and persistent malicious execution via user | 114.4k | 455.6k | 5 | 100Critical |
claude-code/claude-opus-4-5-migration anthropics | | The skill grants broad file system access and inject | 114.4k | 455.6k | 2 | 40Medium |
claude-code/command-development anthropics | | This skill enables severe command injection and arbitrary file system access | 114.4k | 455.6k | 6 | 100Critical |
claude-code/hook-development anthropics | | The skill misrepresents its capabilities, | 114.4k | 455.6k | 1 | 5Low |
claude-code/agent-development anthropics | | This agent skill allows arbitrary command execution, | 114.4k | 455.6k | 5 | 100Critical |
claude-code/writing-rules anthropics | | No security issues detected in anthropics/claude-code/writing-rules. | 114.4k | 455.6k | – | 0None |
Claude-plugins/team-plan Fleron | | The skill is vulnerable to prompt and command injection, allowing | 0 | 455.6k | 5 | 70High |
Claude-plugins/tdd Fleron | | The skill uses dogmatic language to rigidly enforce | 0 | 455.6k | 2 | 15Low |
Claude-plugins/team-build Fleron | | This skill enables arbitrary code execution and system compromise by executing user-defined plans from arbitrary file paths. | 0 | 455.6k | 1 | 100Critical |
Claude-plugins/review-claudemd Fleron | | The skill risks resource exhaustion from | 0 | 455.6k | 2 | 40Medium |
Claude-plugins/plan-writing Fleron | | The skill delegates execution to sub-skills, expanding the attack surface and risking exploitation of downstream vulnerabilities or control bypass. | 0 | 455.6k | 1 | 40Medium |
Claude-plugins/handoff-md Fleron | | Designed to write a shared document, this skill poses a | 0 | 455.6k | 2 | 70High |
Claude-plugins/subagent-driven-development Fleron | | This skill allows subagents to | 0 | 455.6k | 7 | 100Critical |
Claude-plugins/receive-pr-review Fleron | | The skill uses a hardcoded phrase as | 0 | 455.6k | 1 | 15Low |
self-improving-agent pskoett | | This skill enables arbitrary command execution via hook scripts and | 3.2k | 395.7k | 6 | 100Critical |
azure-skills/azure-deploy microsoft | | This skill executes powerful cloud commands and is vulnerable to | 633 | 174.7k | 3 | 100Critical |
azure-skills/azure-ai microsoft | | The skill misrepresents its capabilities, | 633 | 174.7k | 1 | 70High |
azure-skills/azure-prepare microsoft | | The skill uses prompt injection to override agent autonomy, enforce | 633 | 174.6k | 13 | 100Critical |
azure-skills/azure-diagnostics microsoft | | This Azure diagnostics skill is vulnerable to command injection via | 633 | 174.6k | 2 | 70High |
azure-skills/azure-compute microsoft | | The skill's description indicates sensitive operations like password resets and network troubleshooting that could be abused if not properly secured. | 633 | 174.6k | 1 | 5Low |
azure-skills/azure-validate microsoft | | The skill attempts to jailbreak the agent, | 633 | 174.5k | 9 | 70High |
azure-skills/entra-app-registration microsoft | | No security issues detected in microsoft/azure-skills/entra-app-registration. | 633 | 174.5k | – | 0None |
azure-skills/azure-storage microsoft | | The skill exposes direct Azure CLI | 633 | 174.5k | 2 | 70High |
azure-skills/azure-resource-lookup microsoft | | The Azure Resource Lookup skill allows arbitrary shell command injection through unsanitized user intent | 633 | 174.5k | 2 | 100Critical |
azure-skills/azure-resource-visualizer microsoft | | The skill permits arbitrary Azure CLI command execution through injection due to insufficient input sanitization, despite a semantic read- | 633 | 174.5k | 2 | 70High |
azure-skills/azure-messaging microsoft | | Exposes a tool for KQL queries on diagnostic logs, risking data exfiltration and reconnaissance if the agent is | 633 | 174.5k | 1 | 40Medium |
azure-skills/azure-rbac microsoft | | No security issues detected in microsoft/azure-skills/azure-rbac. | 633 | 174.5k | – | 0None |
azure-skills/azure-hosted-copilot-sdk microsoft | | No security issues detected in microsoft/azure-skills/azure-hosted-copilot-sdk. | 633 | 174.5k | – | 0None |
azure-skills/azure-compliance microsoft | | The skill risks command injection by executing external tools with potentially unsanitized user input. | 633 | 174.5k | 1 | 40Medium |
azure-skills/appinsights-instrumentation microsoft | | The skill allows arbitrary command execution and broad | 633 | 174.5k | 3 | 70High |
