pp-zoom
Fail
Audited by Snyk on Jun 25, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's examples and commands explicitly accept and persist unencrypted meeting passwords (e.g., URLs with ?pwd=abc and "extracts ID + unencrypted password") and instruct the agent to pass those values verbatim to the CLI, meaning the LLM may be required to handle/output secret values directly.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite install commands fetch and execute remote code — e.g., "npx -y @mvanhorn/printing-press-library install zoom --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/productivity/zoom/cmd/zoom-pp-cli@latest" — so the GitHub/npm package content is pulled at setup/runtime and is a required dependency for the skill.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata