pp-zoom

Fail

Audited by Snyk on Jun 25, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's examples and commands explicitly accept and persist unencrypted meeting passwords (e.g., URLs with ?pwd=abc and "extracts ID + unencrypted password") and instruct the agent to pass those values verbatim to the CLI, meaning the LLM may be required to handle/output secret values directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite install commands fetch and execute remote code — e.g., "npx -y @mvanhorn/printing-press-library install zoom --cli-only" and "go install github.com/mvanhorn/printing-press-library/library/productivity/zoom/cmd/zoom-pp-cli@latest" — so the GitHub/npm package content is pulled at setup/runtime and is a required dependency for the skill.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 25, 2026, 10:32 PM
  • Issues: 2