skills/richfrem/agent-plugins-skills/analyze-plugin/Snyk

analyze-plugin

Fail

Audited by Snyk on Apr 3, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to run commands that print file contents (e.g., jq . .claude-plugin/plugin.json) and to grep for hardcoded credentials, which can cause any discovered API keys/passwords/secrets to be output verbatim in the report.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 3, 2026, 06:13 PM

Issues

1