podcast-workflow

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt embeds a Feishu "父节点 Token" value and shows it passed directly as a command-line argument (--parent "TOSJwKzxTiFdiRk0aducHNBFntg"), which forces the agent to include a secret-like token verbatim in generated commands/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 入口 A/B 都会在运行时从 YouTube 获取字幕/更新列表(如 youtube-transcript-cn 的“提取 YouTube 字幕”与 youtube-feed 的“获取更新列表”),这些字幕/描述属于外部发布者的自由文本并会被拼入后续 LLM 处理上下文(再进入 content-digest)。

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the Skill content for high-entropy, literal credentials that would provide access.

Flagged item:

  • "TOSJwKzxTiFdiRk0aducHNBFntg" is presented as a "父节点 Token" (parent-node Token) for Feishu. It is a high-entropy alphanumeric string (not a placeholder like YOUR_..., nor truncated/redacted) and is likely a real token/identifier used to write to the Feishu wiki. Per the secret definition (actual API keys / tokens), this should be treated as a secret.

Ignored items (not flagged) and why:

  • File paths (/Users/ugreen/..., /Users/ugreen/Documents/...) — local paths, not secrets.
  • Command examples (python3 ... scripts/...) — operational commands without embedded credentials.
  • YouTube links with "xxx" or "xxxxx" placeholders — clearly placeholders, not real URLs or tokens.
  • Dates, filenames, headings, and configuration labels (e.g., "本地保存路径", "观点数量") — not credentials.
  • Any simple/example strings (e.g., MMDD-xxx.md) — documentation placeholders, low entropy.

Conclusion: only the Feishu parent token appears to be an actual high-entropy credential present in the document.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 09:24 AM
Issues
3
Security Audit — snyk — podcast-workflow