api-best-practices
Fail
Audited by Snyk on Mar 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes numerous examples that embed API keys, bearer tokens, client_secrets and passwords directly in headers, query strings, and request bodies, which encourages the agent to include secret values verbatim in generated code/requests.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The metadata’s install_command and raw_url fetch the skill text from https://raw.githubusercontent.com/majiayu000/claude-skill-registry-data/main/data/api-best-practices/SKILL.md, which supplies the skill instructions that the agent would load and follow—i.e., external content directly controlling prompts and required for the skill.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata