Skills
skills/curiositech/some_claude_skills/fullstack-debugger/Snyk

fullstack-debugger

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes multiple examples that embed API keys/tokens directly in commands and client constructors (e.g., Authorization: Bearer YOUR_TOKEN, createClient('URL','KEY')), which would require substituting real secret values verbatim if the agent executed or generated those commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md and the included scripts explicitly instruct the agent to fetch and inspect external/public endpoints (e.g., curl/WebFetch to https://YOUR-WORKER.workers.dev/, https://jb4l-meeting-proxy.erich-owens.workers.dev/ and direct Supabase queries) and to interpret those responses as evidence to drive diagnostic actions, meaning untrusted third‑party content can materially influence tool use and decisions.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 5, 2026, 08:42 PM