booking-notify
Fail
Audited by Snyk on May 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The preflight steps echo environment variables (notably CALCOM_OP_UUID and TELEGRAM_CHAT_ID) which will output their values verbatim, creating a risk of secret exposure even though some tokens are only checked as "SET"; this requires the agent to handle secret values directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (medium risk: 0.65). The runtime workflow ingests outsider-authored free text via the webhook relay: Cal.com sends HTTP POST JSON payloads (e.g., attendee names/emails and any “notes”/message fields) to the Cloud Run
webhook-relay/main.py, which then forwards that content into the Pushover/Telegram message text that the agent/LLM context would include for notification rendering.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata