brain-new
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly requires accepting raw, unstructured input and routing every piece verbatim into vault files and an appended processing log/summary (and also silently reading vault context), so any API keys, tokens, or passwords present in the input or read files would be reproduced in outputs—constituting an exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt instructs the agent to read and write local vault files and create new files under Machine/ and Human/, directly modifying the filesystem and machine state (though it doesn't request sudo or system-level changes), so it poses a non-trivial risk.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata