skills/cometchat/cometchat-skills/cometchat-android-v5-features/Snyk

cometchat-android-v5-features

Fail

Audited by Snyk on May 7, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding an OpenAI API key with the CLI flag --openai-key sk-... (and similar placeholders), which requires the agent to include secret values verbatim in commands/outputs, creating an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 7, 2026, 07:09 AM

Issues

1