product-reel-generator

Fail

Audited by Snyk on Jul 2, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit Authorization header format ("Authorization: Key {HIGGSFIELD_API_KEY_ID}:{HIGGSFIELD_API_KEY_SECRET}") and suggests using direct curl calls, which encourages embedding the API key ID and secret verbatim into generated commands/requests (exfiltration risk), even though it also mentions storing them in a .env file.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Issues
1
Security Audit — snyk — product-reel-generator