here-now
Fail
Audited by Snyk on May 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to request sign-in codes/API keys and to embed/save them verbatim in commands, headers (e.g., Authorization: Bearer ), or credentials files — which forces the LLM to handle secret values directly and risks exfiltration.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires fetching and reading the live documentation at runtime ("https://here.now/docs") and instructs agents to consult it before answering, meaning external content from that URL is used to directly control agent instructions and is a required dependency.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata