night-park

Fail

Audited by Snyk on Jun 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly requires reading CLAUDE_CODE_SESSION_ID and embedding the full UUID verbatim into disk files, engram saves, and the final printed resume command, forcing the LLM to output a secret-like value.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill drafts the handoff by “Read the conversation context” (Step 3) and then writes that derived text into the LLM/agent context via mem_save/mem_session_summary, so any outsider-authored messages present in the conversation history can be ingested into the model’s context through the conversation-to-summary path (indirect prompt injection risk).

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 17, 2026, 08:40 AM
Issues
3
Security Audit — snyk — night-park