Skills
skills/vanterx/mssql-performance-skills/sqlplan-review/Snyk

sqlplan-review

Fail

Audited by Snyk on May 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the model to reproduce the full StatementText and parameter values verbatim (including ParameterCompiledValue/ParameterRuntimeValue) from user-provided .sqlplan XML, which can contain sensitive literals (passwords, connection strings, API keys) and thus forces secrets to appear in the agent's output.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
May 7, 2026, 11:13 AM
Issues
1
Security Audit — snyk — sqlplan-review