elestio
Fail
Audited by Snyk on May 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to be given API tokens/credentials and shows CLI commands that include secrets verbatim (e.g.,
elestio login --token ...,elestio s3-backup --key X --secret Y,--password P), requiring the LLM to accept and output secret values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to deploy code from arbitrary GitHub/GitLab repositories (e.g., "elestio cicd create --auto --target --repo owner/repo" and the "CLI automatically discovers the Git account, finds the repo... writes a Dockerfile, builds the Docker image"), which means the agent/CLI will fetch and interpret untrusted, user-generated repository content and act on it.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata