graphify
Fail
Audited by Snyk on Jun 29, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt instructs the agent to ask for and then use credentials for Neo4j in a command-line example (--password PASSWORD), which requires embedding secrets verbatim into generated commands/outputs (high exfiltration risk), even though other parts use safer env-var patterns.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). Outsider free text can enter the LLM context during Step 3B semantic extraction: the Agent subagents read and process FILE_LIST items that come from user-supplied paths/URLs (e.g., cloned GitHub repos or fetched webpages via
/graphify add <url>), and those files’ contents are ingested as readable text into the subagent prompts.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata