skills/fab2295/sap-skills/sap-cap-code-review/Snyk

sap-cap-code-review

Fail

Audited by Snyk on May 11, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill reads project config files (including xs-security.json, manifest.yaml, etc.) and requires embedding verbatim file excerpts as "Evidence" in the report with no redaction rules, so it can expose API keys/secrets directly in output.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 11, 2026, 11:14 PM

Issues

1

Security Audit — snyk — sap-cap-code-review