pp-shopping
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). This skill explicitly instructs setting an API key either via an env var or by running
shopping-pp-cli auth set-token <key>, which encourages placing the secret directly on the command line (or embedding it in requests as the X-API-Key header) — a clear verbatim secret-handling/exfiltration risk.
Issues (1)
W007
HIGHInsecure credential handling detected in skill instructions.
Audit Metadata