dual-ai
Fail
Audited by Snyk on Jul 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill writes the user prompt verbatim into launcher prompt files and (in the interactive launcher flow) passes that content as a command-line argument to external CLIs, which means any API keys or secrets included in the user prompt would be persisted and passed verbatim (exposing them via files/process args); orchestrated mode is safer (prompts piped via stdin), but the interactive flow is a high-risk pattern.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs creating and executing launcher scripts, changing permissions, spawning external processes and passing flags that "dangerously" bypass permissions/sandboxing (and even PowerShell's ExecutionPolicy Bypass), which urges bypassing security controls and materially changes the host state — so it poses a high risk of compromising the machine.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata