brain-new

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly requires accepting raw, unstructured input and routing every piece verbatim into vault files and an appended processing log/summary (and also silently reading vault context), so any API keys, tokens, or passwords present in the input or read files would be reproduced in outputs—constituting an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt instructs the agent to read and write local vault files and create new files under Machine/ and Human/, directly modifying the filesystem and machine state (though it doesn't request sudo or system-level changes), so it poses a non-trivial risk.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 01:46 AM
Issues
2