when-analyzing-user-intent-use-intent-analyzer

Fail

Audited by Snyk on Jun 26, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly captures process.env and filesystem/context into the agent's stored "userInput" and memory (e.g., userInput.context: { environment: process.env }) which would expose environment variables and any embedded secrets to the LLM and allow them to be included verbatim in outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill deliberately captures sensitive local context (process.env, cwd, recent edits, filesystem) and routes those artifacts into memory, disk, and external agent/hook invocations (npx claude-flow agent-spawn/hooks and embedding APIs), creating clear avenues for data exfiltration and credential theft to remote services.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes the remote npm package via runtime npx commands (e.g., "npx claude-flow@alpha" in multiple hooks/agent-spawn/skill-run lines), which will fetch and execute remote code at runtime and is relied on to spawn agents and control prompts, so this is a required external runtime dependency that can execute code.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 26, 2026, 03:22 AM
Issues
3
Security Audit — snyk — when-analyzing-user-intent-use-intent-analyzer