code-understanding
Fail
Audited by Snyk on May 31, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill mandates quoting exact file lines as evidence and producing structured outputs containing code snippets, which forces the LLM to emit verbatim file contents that may include API keys, tokens, or passwords and thus risks secret exfiltration.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content includes an "auto-approve" / exact-invocation mechanism for libexec/raptor-* commands that effectively grants privileged execution of arbitrary scripts when they are present and invoked in that exact form (a backdoor/RCE and supply-chain risk), and otherwise provides attacker-oriented tooling/instructions that could be misused for data discovery or exfiltration despite its stated defensive intent.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
Audit Metadata