agent-reach

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs configuring channels by embedding secrets verbatim in CLI commands (e.g., twitter cookies "auth_token=...", proxy URLs with user:pass), which requires the agent to request and output sensitive credential values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Yes—at runtime, the skill’s read_url/read_batch (and read CLI) fetches outsider-authored web content (e.g., arbitrary URLs via WebChannel.read using requests.get to https://r.jina.ai/<url>), then returns that readable text to the agent/MCP caller, which is typically placed into the LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 06:06 AM
Issues
3
Security Audit — snyk — agent-reach