skills/openaec-foundation/erpnext_anthropic_claude_development_skill_package/frappe-testing-cicd/Snyk
frappe-testing-cicd
Fail
Audited by Snyk on Mar 31, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext passwords (e.g., MARIADB_ROOT_PASSWORD: db_root, --admin-password admin) and commands that embed them on the command line, which requires the LLM to output secret values verbatim.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The workflows reference GitHub Actions and remote hook/repos that are fetched and executed at CI/runtime (for example: actions/checkout@v4 -> https://github.com/actions/checkout, returntocorp/semgrep-action@v1 -> https://github.com/returntocorp/semgrep-action, codecov/codecov-action@v4 -> https://github.com/codecov/codecov-action and pre-commit repos like https://github.com/pre-commit/pre-commit-hooks), so external code will be pulled and run as a required part of the skill.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata