code-understanding

Fail

Audited by Snyk on May 31, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill mandates quoting exact file lines as evidence and producing structured outputs containing code snippets, which forces the LLM to emit verbatim file contents that may include API keys, tokens, or passwords and thus risks secret exfiltration.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content includes an "auto-approve" / exact-invocation mechanism for libexec/raptor-* commands that effectively grants privileged execution of arbitrary scripts when they are present and invoked in that exact form (a backdoor/RCE and supply-chain risk), and otherwise provides attacker-oriented tooling/instructions that could be misused for data discovery or exfiltration despite its stated defensive intent.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 31, 2026, 12:32 AM
Issues
2
Security Audit — snyk — code-understanding