ai-slop-audit
Fail
Audited by Snyk on Jun 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). Because the audit requires quoting concrete evidence from the artefact (e.g., "quote/line") and expressly flags hardcoded secrets as blocking findings, the LLM would be required to reproduce any secret values found verbatim in its report, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The skill’s required workflow ingests the “artefact itself (text, files, screenshots, repo path, or URL)” and then audits it; if that artefact is provided as a URL or outsider-authored text (e.g., a public web page or third-party document), the runtime LLM context will include that outsider free text for analysis, enabling indirect prompt injection.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata