prompt-engineering

Fail

Audited by Socket on Jun 22, 2026

1 alert found:

Obfuscated File (severity: HIGH)
references/prompting-techniques.md

No direct evidence of intentionally malicious code in the document; it is an educational guide. However, it contains multiple high-risk patterns that can lead to severe compromise when reused in real systems: executing LLM-generated code with exec(), loading secrets from .env into the runtime environment without scoping them, and sending private documents and prompts to external retrieval and LLM providers. Recommendation: remove or strongly mitigate the exec() usage (replace it with a sandboxed interpreter, a strict AST-based validator, or a vetted set of allowed operations); adopt secure secrets handling (use a vault, issue ephemeral tokens, and avoid exposing all of os.environ to executed code); treat retrieval results and agent outputs as untrusted (redact sensitive fragments, apply data-leakage prevention, and minimize the context sent to providers); and document explicit safety controls and a threat model before publishing runnable examples intended for production use.

Confidence: 90%
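The exec() finding above, illustrated with an added example that is not code from the audited skill or from Socket: the pattern the audit flags (exec() on raw model output, with the process environment reachable) beside a hardened runner that applies an AST allow-list before executing and gives the code no route to os.environ. The snippets standing in for model output, the DEMO_API_KEY value, and the function names (run_unsafe, validate, run_hardened, rejection_reason) are constructed for this illustration.

```python
"""Vulnerable vs. hardened execution of LLM-generated Python.

Added illustration, not code from the audited skill. The snippets below stand
in for text an LLM might return; the DEMO_API_KEY value is constructed.
"""
from __future__ import annotations

import ast
import builtins
import os

# Constructed secret, standing in for something loaded from a .env file.
os.environ["DEMO_API_KEY"] = "sk-demo-constructed-value"

# Constructed stand-ins for model output: one benign, two hostile.
BENIGN_SNIPPET = "result = sum(x * 2 for x in data) / len(data)"
EXFIL_SNIPPET = "import os\nresult = os.environ.get('DEMO_API_KEY')\n"
ESCAPE_SNIPPET = "result = ().__class__.__base__.__subclasses__()"


def run_unsafe(code: str, data: list) -> object:
    """The pattern the audit flags: exec() on raw model output.

    exec() inserts the full builtins into the namespace, so the code can
    import anything and read the process environment, secrets included.
    """
    namespace = {"data": list(data)}
    exec(code, namespace)
    return namespace.get("result")


class UnsafeCode(ValueError):
    """Raised when model output uses syntax outside the allow-list."""


# Expression-level syntax only: no imports, attribute access, loops, defs,
# lambdas, or dunder names. Pow is left out to avoid huge-integer blowups.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Constant, ast.Tuple, ast.List, ast.IfExp,
    ast.BinOp, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod,
    ast.UnaryOp, ast.USub, ast.UAdd, ast.Not,
    ast.BoolOp, ast.And, ast.Or,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.Call, ast.GeneratorExp, ast.ListComp, ast.comprehension,
)
ALLOWED_CALLS = {"sum", "len", "min", "max", "abs", "round", "sorted"}


def validate(code: str) -> ast.Module:
    """Parse and reject anything outside the allow-list, before it runs."""
    tree = ast.parse(code, mode="exec")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeCode(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            raise UnsafeCode(f"dunder name not allowed: {node.id}")
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_CALLS
        ):
            raise UnsafeCode("only allow-listed builtins may be called")
    return tree


def rejection_reason(code: str) -> str | None:
    """Return why validate() rejects the code, or None if it passes."""
    try:
        validate(code)
    except UnsafeCode as exc:
        return str(exc)
    return None


def run_hardened(code: str, data: list) -> object:
    """Execute only validated code, with a minimal namespace.

    The executed code sees the allow-listed builtins and `data`; os,
    os.environ and __import__ are not reachable. This is defence in depth,
    not a full sandbox: CPU and memory limits still belong in a separate
    process or container.
    """
    tree = validate(code)
    safe_builtins = {name: getattr(builtins, name) for name in ALLOWED_CALLS}
    namespace = {"__builtins__": safe_builtins, "data": list(data)}
    exec(compile(tree, "<llm-output>", "exec"), namespace)
    return namespace.get("result")


if __name__ == "__main__":
    print("unsafe, benign :", run_unsafe(BENIGN_SNIPPET, [1, 2, 3]))
    print("unsafe, exfil  :", run_unsafe(EXFIL_SNIPPET, []))  # leaks the key
    print("hardened       :", run_hardened(BENIGN_SNIPPET, [1, 2, 3]))
    for snippet in (EXFIL_SNIPPET, ESCAPE_SNIPPET):
        print("rejected       :", rejection_reason(snippet))
```

The allow-list is deliberately small: anything the use case does not need (attribute access, imports, loops, function definitions) is rejected by node type before the code is compiled, which also closes the usual `().__class__` escape routes. Secrets are kept out of reach by construction, because the executed namespace never contains `os` and its builtins dictionary has no `__import__`.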
Audit Metadata
Analyzed At
Jun 22, 2026, 04:56 AM
Package URL
pkg:socket/skills-sh/CodeAlive-AI%2Fceo-ai-os%2Fprompt-engineering%2F@495d8a609fce22ba045318deabfb4696a3696a792e802766206bc534feff8713