Skills
skills/azurecosmosdb/cosmosdb-agent-kit/cosmosdb-sdk/Snyk

cosmosdb-sdk

Fail

Audited by Snyk on Jun 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the document for literal, high-entropy credentials. I found repeated occurrences of the Azure Cosmos DB Emulator master key:

C2y6yDjf5/R+ob0N8A7Cgv30VRDJIWEHLM+4QDU5DE2nQ9nDuVTqobD4b8mGGyPMbIZnqyMsEcaGQy67XIw/Jw==

This is a high-entropy, literal key that grants access to the Cosmos DB emulator. Although it is a well-known emulator default (intended for local development and documented as such), it is a real credential string present verbatim in the docs and therefore matches the "high-entropy literal value that provides access" definition.

Other literals seen (e.g., the JDK keystore password "changeit") are default/setup values or simple strings; those are low-security/setup values and I ignored them per the rules.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 12:36 PM
Issues
1
Security Audit — snyk — cosmosdb-sdk