sales-interprefy
Fail
Audited by Snyk on Jun 14, 2026
Risk Level: HIGH
Full Analysis
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I flagged one high-entropy, literal credential present in the docs: the static API token shown in multiple examples. It is a fully-formed token (long hex string) and not a placeholder or redacted value, so it meets the definition of a secret.
Ignored items and why:
- The JWT examples are redacted/truncated (eyJ0eXAiOiJK(...)aBqroY) — treated as redacted, not flagged.
- Session tokens with trailing "..." (e.g., T1==cGFydG5lcl9pZ...) are truncated/redacted — ignored.
- Placeholder/sample values such as "YOUR_STATIC_TOKEN", "your_user"/"your_pass", "ABC12345", "PART1714000000" and other simple/demo strings are low-entropy or explicit placeholders and therefore ignored per the rules.
- No PEM/private-key blocks or other high-entropy secrets were found besides the token below.
Secret found:
- Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
Issues (1)
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata