amazon-documentdb

Fail

Audited by Snyk on Jun 19, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires AWS CLI commands that include the master user password inline (e.g., --master-user-password '') and mandates using those exact commands, forcing the LLM to accept and/or emit secret values verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and runs code from the GitHub repository at https://github.com/awslabs/amazon-documentdb-tools during runtime (git clone followed by running the compat/index tools), which fetches and executes remote code and is treated as a required dependency, so it is flagged.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 19, 2026, 11:16 AM
Issues
2
Security Audit — snyk — amazon-documentdb