010107-code-quality

Fail

Audited by Snyk on Jul 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the documentation for literal credential values. The only high-entropy-looking, literal credential present is the API key string in references/security.md: const apiKey = 'sk-1234567890abcdef'; this matches an API-key pattern (sk-) and is not a generic placeholder like YOUR_API_KEY or sk-xxxx, so I flag it as a potential hardcoded secret.

I am ignoring other values:

  • postgresql://user:pass@localhost (same code block) — low-entropy, clearly an illustrative username/password (“user”/“pass”), treated as a documentation example and not flagged.
  • Example passwords and emails elsewhere (e.g., 'password', admin@example.com) — low-entropy or explicit examples, so ignored per the rules. No redaction markers like REDACTED_SECRET_... are present.

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 8, 2026, 12:18 PM
Issues
1
Security Audit — snyk — 010107-code-quality