delegate

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to transcribe exact user-provided content into files and to run exact commands, which requires emitting any secrets or API keys verbatim if the user includes them, creating an exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly allows writing arbitrary files and running arbitrary commands (which can change machine state or target system files), so it poses a real risk of modifying the host, though it does not explicitly instruct privilege escalation or creating users.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 03:53 AM
Issues
2