github-repo-management
Fail
Audited by Snyk on May 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secret values verbatim in commands/scripts (e.g., gh secret set API_KEY --body "your-secret-value" and a Python snippet encrypting 'your-secret-value'), and also shows reading tokens from files to place into Authorization headers, which encourages emitting secret values directly rather than using protected env/CLI auth — creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and parse public GitHub content via the GitHub REST API (e.g., GET https://api.github.com/repos/{owner}/{repo}, /issues, /pulls, /gists, /actions/runs) which are untrusted, user-generated third-party sources and whose contents are used to drive actions like listing/searching repos, rerunning workflows, merging PRs, and setting values—so external content can materially influence tool use and decisions.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata