bughunt

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The workflow explicitly requires agents to include code "evidence" snippets and to return exact old_string/new_string edits (verbatim), so any API keys, tokens, or passwords present in the repo would be read and emitted by the LLM.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill mandates fully autonomous, no-confirmation operation and instructs the system to aggressively spawn remote "Agent" subagents, sending code/sections and proposed edits off-platform and applying edits automatically — this creates high-risk patterns for data exfiltration, unauthorized repository modification/supply-chain tampering, and potential remote code execution/backdoors.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 13, 2026, 10:45 PM
Issues
2
Security Audit — snyk — bughunt