pp-tesla

Fail

Audited by Snyk on May 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The skill mostly uses secure flows (browser PKCE, files, exported encrypted bundles, and stdin/env) but it also documents insecure patterns that would require verbatim secrets in output (e.g., "auth login --refresh-token " and instructions to copy client_id/client_secret or paste redirect URLs), so an LLM could be asked to emit or relay raw tokens/credentials.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
May 25, 2026, 06:06 AM
Issues
1
Security Audit — snyk — pp-tesla