night-park
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly requires reading CLAUDE_CODE_SESSION_ID and embedding the full UUID verbatim into disk files, engram saves, and the final printed resume command, forcing the LLM to output a secret-like value.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The skill drafts the handoff by “Read the conversation context” (Step 3) and then writes that derived text into the LLM/agent context via
mem_save/mem_session_summary, so any outsider-authored messages present in the conversation history can be ingested into the model’s context through the conversation-to-summary path (indirect prompt injection risk).
MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
- Hidden Unicode characters detected (1 type(s) found)
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W021
MEDIUMHidden or invisible Unicode characters detected (potential obfuscation or prompt injection).
Audit Metadata