novu-framework-integration
Fail
Audited by Snyk on May 11, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that instruct embedding secret values verbatim in commands and URLs (e.g., npx novu init --secret-key=<YOUR_NOVU_SECRET_KEY>, passing a bypass token in the bridge URL), which requires the agent to handle/output secrets directly and is a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly documents runtime HTTP fetches to arbitrary external URLs (e.g., step.http examples using https://api.example.com and payload.webhookUrl and step.custom fetch() calls in SKILL.md and references/workflow-and-steps.md), which the agent is expected to parse/interpret and whose response data can be referenced by subsequent steps, so untrusted third‑party content can materially influence behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). Novu Cloud calls your Bridge URL at runtime (examples: https://.novu.sh/api/novu or your deployed bridge like https://api.acme.com/api/novu) to fetch workflow/step content (subject/body/etc.), so these external URLs are required at runtime and directly control the notifications the system sends.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata