skills/shigzz/aliyun-skills/aliyun-instance-bill/Snyk

aliyun-instance-bill

Fail

Audited by Snyk on Mar 23, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt explicitly includes a command that cats the .env file (find ... -exec cat {} ;), which requires reading and outputting AK/SK verbatim and therefore exposes secrets verbatim in agent output.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Mar 23, 2026, 08:12 AM

Issues

1