loop-finder

Fail

Audited by Snyk on Jul 4, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires reading local chat session files and extracting & quoting user message text as "evidence," which risks exposing API keys, tokens, or passwords present in those messages (i.e., outputting secrets verbatim).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs the agent to write/append persistent agent system-instruction files in user config directories (e.g., ~/.pi/agent/AGENTS.md, ~/.codex/AGENTS.md, ~/.claude/CLAUDE.md), which modifies the machine's state and can alter assistant behavior — a persistent configuration change risk even though it doesn't request sudo or create users.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 4, 2026, 06:03 AM
Issues
2
Security Audit — snyk — loop-finder