skills/coinank/coinank-openapi-skill/coinank-openapi/Snyk

coinank-openapi

Fail

Audited by Snyk on Apr 25, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill tells the agent to read COINANK_API_KEY from the environment and inject it into curl request headers, which requires the model to include the secret verbatim in generated commands/requests and thus risks exfiltration.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 25, 2026, 02:05 AM

Issues

1