ai-director
Fail
Audited by Snyk on Jun 23, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples and commands that require embedding API keys or verification codes verbatim (e.g., bind --key "x2c_sk_xxx", credentials/{USER_ID}.json with "x2cApiKey"), so an agent would need to read and output secret values directly, creating an exfiltration risk.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The codebase contains high-risk patterns: a hard-coded, non-obvious external API endpoint receiving user API keys and account actions, plus logic that writes unified account data and attempts to run a sync script (child_process.execSync), which together create a plausible credential-exfiltration/backdoor vector and remote-code-execution opportunity.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's quality-evaluator calls the Gemini REST endpoint at https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=${GEMINI_API_KEY} at runtime and uses the model's JSON response (including "prompt_improvements") to modify the generation prompt in auto-iterate, so remote content directly controls subsequent agent prompts and the workflow requires the Gemini API key.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata