scan-cyber-threats
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill prompt embeds a literal-looking API key value (wm_0123456… ) in the documentation, which encourages the LLM to reproduce or use a secret verbatim and thereby creates an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The required workflow calls a WorldMonitor API endpoint and ingests the JSON response (including threat indicators and metadata) into the agent context; since those indicators are sourced from external/public threat feeds (e.g., urlhaus/feodotracker/cisa), this is outsider-authored free text/data at runtime.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The document contains a literal API key-like value on line 10: "wm_0123456789abcdef0123456789abcdef01234567". This is a high-entropy, concrete credential string (prefix "wm_" plus 40 hex chars), not a placeholder such as "YOUR_API_KEY" or "sk-xxxx". It appears directly usable as an API key, so it should be treated as a secret. No other high-entropy secrets are present; other values are parameter names, examples, or clearly placeholder text.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata