gcx-observability

Fail

Audited by Snyk on May 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the agent to request a Grafana API token from the user and to run commands like gcx config set contexts.<name>.grafana.token <token>, which requires embedding the secret verbatim into generated commands/configs, creating a high exfiltration risk.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 11:58 AM
Issues
1
Security Audit — snyk — gcx-observability