zeabur
Fail
Audited by Snyk on Apr 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs asking the user for an API token and embedding it verbatim in CLI commands or an Authorization header (e.g.,
npx zeabur auth login --token <TOKEN>andAuthorization: Bearer {TOKEN}), which requires the LLM to handle and output secret values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and interpret content from untrusted third-party sources—e.g., deploying from arbitrary GitHub repo URLs (references/deployment.md template GIT examples) and reading build/runtime logs, file contents, and subscription messages via the public GraphQL API (references/api-reference.md) — which the agent would parse and act on as part of troubleshooting and deployment decisions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata