pp-qbo
Fail
Audited by Snyk on Jun 25, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows the auth command using --client-id and --client-secret flags (e.g., qbo-pp-cli auth login --client-id --client-secret), which requires the agent/LLM to embed secret values verbatim into commands or outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill's runtime prerequisites instruct installing and running remote code (e.g., "npx -y @mvanhorn/printing-press-library install qbo" and "go install github.com/mvanhorn/printing-press-library/library/payments/qbo/cmd/qbo-pp-cli@latest"), which would fetch and execute external code that the skill requires to operate.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a QuickBooks Online–specific CLI intended to manage accounting data. It exposes explicit create/update commands for financial resources (e.g., "payments create", "bills create", "purchases create", "invoices create", "journal-entries create", "accounts create") and reconciliation ("reconcile") as well as payment management and delivery options. It requires OAuth2 auth and supports an --agent non-interactive mode, enabling automated, non-interactive execution of those financial actions. Because these are specific, first-class financial operations (creating/updating payments, bills, invoices, purchases, journal entries), this qualifies as direct financial execution authority.
Issues (3)
W007 (HIGH): Insecure credential handling detected in skill instructions.
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata