booking-notify

Fail

Audited by Snyk on May 28, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The preflight steps echo environment variables (notably CALCOM_OP_UUID and TELEGRAM_CHAT_ID) which will output their values verbatim, creating a risk of secret exposure even though some tokens are only checked as "SET"; this requires the agent to handle secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The runtime workflow ingests outsider-authored free text via the webhook relay: Cal.com sends HTTP POST JSON payloads (e.g., attendee names/emails and any “notes”/message fields) to the Cloud Run webhook-relay/main.py, which then forwards that content into the Pushover/Telegram message text that the agent/LLM context would include for notification rendering.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
May 28, 2026, 06:03 AM
Issues
2
Security Audit — snyk — booking-notify