dual-ai

Fail

Audited by Snyk on Jul 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill writes the user prompt verbatim into launcher prompt files and (in the interactive launcher flow) passes that content as a command-line argument to external CLIs, which means any API keys or secrets included in the user prompt would be persisted and passed verbatim (exposing them via files/process args); orchestrated mode is safer (prompts piped via stdin), but the interactive flow is a high-risk pattern.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs creating and executing launcher scripts, changing permissions, spawning external processes and passing flags that "dangerously" bypass permissions/sandboxing (and even PowerShell's ExecutionPolicy Bypass), which urges bypassing security controls and materially changes the host state — so it poses a high risk of compromising the machine.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 5, 2026, 06:07 PM
Issues
2
Security Audit — snyk — dual-ai