pp-shopping

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). This skill explicitly instructs setting an API key either via an env var or by running shopping-pp-cli auth set-token <key>, which encourages placing the secret directly on the command line (or embedding it in requests as the X-API-Key header) — a clear verbatim secret-handling/exfiltration risk.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 07:07 PM
Issues
1
Security Audit — snyk — pp-shopping