meta-prompting
Fail
Audited by Snyk on May 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly rewrites and emits the user's raw prompt verbatim (pasting it into a quoted heredoc and showing it inline), so any API keys, tokens, or passwords included in the draft would be reproduced exactly and exfiltrated.
Issues (1)
W007
HIGHInsecure credential handling detected in skill instructions.
Audit Metadata