sales-interprefy

Fail

Audited by Snyk on Jun 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I flagged one high-entropy, literal credential present in the docs: the static API token shown in multiple examples. It is a fully-formed token (long hex string) and not a placeholder or redacted value, so it meets the definition of a secret.

Ignored items and why:

  • The JWT examples are redacted/truncated (eyJ0eXAiOiJK(...)aBqroY) — treated as redacted, not flagged.
  • Session tokens with trailing "..." (e.g., T1==cGFydG5lcl9pZ...) are truncated/redacted — ignored.
  • Placeholder/sample values such as "YOUR_STATIC_TOKEN", "your_user"/"your_pass", "ABC12345", "PART1714000000" and other simple/demo strings are low-entropy or explicit placeholders and therefore ignored per the rules.
  • No PEM/private-key blocks or other high-entropy secrets were found besides the token below.

Secret found:

  • Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b

Issues (1)

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 14, 2026, 12:20 AM
Issues
1
Security Audit — snyk — sales-interprefy