things-app
Fail
Audited by Snyk on Jun 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt asks the host/agent to accept/paste the Things auth token and mail-to-Things address into the skill and to include them (e.g., via auth-token URL params or CLI args) when performing updates, which requires the LLM to handle and potentially output secret values verbatim.
Issues (1)
W007
HIGHInsecure credential handling detected in skill instructions.
Audit Metadata