security-guide
Fail
Audited by Snyk on Jul 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt explicitly requires scanning files and environment variables for plaintext secrets and could cause the agent to read and display secret values (e.g., .env, environment vars, audit logs) verbatim in its output, creating an exfiltration risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to inspect and change system state (firewall rules, chmod sensitive files, run Docker containers, and offer an automated "/harden fix" flow), which includes actions that require elevated privileges and thus could modify or compromise the host system.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata