cwv-optimizer
Fail
Audited by Snyk on Jul 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt's example code requires embedding a secret-like domain key (RUM_DOMAIN_KEY) directly into a fetch URL query parameter, which would force the LLM/agent to handle/include the secret verbatim in requests or generated code.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). This skill’s required workflow explicitly fetches external web pages/HTML at runtime (public web content supplied by the user), which can include outsider-authored free text that the agent would ingest for analysis.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata