skills/gupsammy/claudest/create-skill/Snyk

create-skill

Fail

Audited by Snyk on May 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs using bang-backtick dynamic injection to include command outputs (including "env vars") into generated content, which can make the model see and then emit environment-held secrets verbatim.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

May 15, 2026, 01:18 PM

Issues

1

Security Audit — snyk — create-skill