skills/ericmjl/skills/mempalace/Snyk

mempalace

Fail

Audited by Snyk on Apr 8, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill explicitly stores and returns verbatim drawer content (and wakes up by loading ~/.mempalace/identity.txt into generated context), which forces the agent to output exact user-provided text — including any API keys, tokens, or passwords — creating an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 8, 2026, 12:02 PM

Issues

1