podcast-workflow
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt embeds a Feishu "父节点 Token" value and shows it passed directly as a command-line argument (--parent "TOSJwKzxTiFdiRk0aducHNBFntg"), which forces the agent to include a secret-like token verbatim in generated commands/outputs, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 入口 A/B 都会在运行时从 YouTube 获取字幕/更新列表(如
youtube-transcript-cn的“提取 YouTube 字幕”与youtube-feed的“获取更新列表”),这些字幕/描述属于外部发布者的自由文本并会被拼入后续 LLM 处理上下文(再进入content-digest)。
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). I scanned the Skill content for high-entropy, literal credentials that would provide access.
Flagged item:
- "TOSJwKzxTiFdiRk0aducHNBFntg" is presented as a "父节点 Token" (parent-node Token) for Feishu. It is a high-entropy alphanumeric string (not a placeholder like YOUR_..., nor truncated/redacted) and is likely a real token/identifier used to write to the Feishu wiki. Per the secret definition (actual API keys / tokens), this should be treated as a secret.
Ignored items (not flagged) and why:
- File paths (/Users/ugreen/..., /Users/ugreen/Documents/...) — local paths, not secrets.
- Command examples (python3 ... scripts/...) — operational commands without embedded credentials.
- YouTube links with "xxx" or "xxxxx" placeholders — clearly placeholders, not real URLs or tokens.
- Dates, filenames, headings, and configuration labels (e.g., "本地保存路径", "观点数量") — not credentials.
- Any simple/example strings (e.g., MMDD-xxx.md) — documentation placeholders, low entropy.
Conclusion: only the Feishu parent token appears to be an actual high-entropy credential present in the document.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W008
HIGHSecret detected in skill content (API keys, tokens, passwords).
Audit Metadata