typo3-powermail
Fail
Audited by Snyk on Mar 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit secret-like value (e.g., "apiKey = secret123") in configuration examples and shows embedding API keys in generated TypoScript/PHP, which requires the LLM to output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows runtime calls to external, public APIs/URLs (e.g., the "Custom Spam Shield Method" with configuration.apiUrl = https://spam-api.example.com and the "Custom Finisher" / SendParametersFinisher with apiUrl = https://crm.example.com/api) whose responses are consumed and used to make decisions (spam detection, finisher behavior), so untrusted third-party content can materially influence execution.