azuresql-db-ci
Fail
Audited by Snyk on Jul 8, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt mostly uses CI secrets and env vars (safe), but it includes a canonical start script that hardcodes a plaintext password ("YourStr0ng_Passw0rd") and passes it on the command line, which would require embedding secret values verbatim and is an insecure pattern.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill pulls and runs a required container image from the private registry sqldbpreview-dpgaeqhmgphzd4bk.azurecr.io/azure-sql/db-dev:latest at runtime, which fetches and executes remote code as a required dependency.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata