scan-cyber-threats

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill prompt embeds a literal-looking API key value (wm_0123456… ) in the documentation, which encourages the LLM to reproduce or use a secret verbatim and thereby creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The required workflow calls a WorldMonitor API endpoint and ingests the JSON response (including threat indicators and metadata) into the agent context; since those indicators are sourced from external/public threat feeds (e.g., urlhaus/feodotracker/cisa), this is outsider-authored free text/data at runtime.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a literal API key-like value on line 10: "wm_0123456789abcdef0123456789abcdef01234567". This is a high-entropy, concrete credential string (prefix "wm_" plus 40 hex chars), not a placeholder such as "YOUR_API_KEY" or "sk-xxxx". It appears directly usable as an API key, so it should be treated as a secret. No other high-entropy secrets are present; other values are parameter names, examples, or clearly placeholder text.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 8, 2026, 03:29 PM
Issues
3
Security Audit — snyk — scan-cyber-threats