▥AGENT LAB: SKILLS — FEB 26 NYCNYC

skills/geoffjay/claude-plugins/git-troubleshooting/Snyk

git-troubleshooting

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 0.90). This skill contains an explicit insecure example embedding a personal access token in a git URL (git clone https://TOKEN@github.com/...), which would instruct an agent to place a secret verbatim into a command and thus create exfiltration risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes commands that modify user SSH configuration and global git settings, create SSH keys, and perform destructive file operations (rm, echo into .git/*) that change the machine's state and can affect authentication/ security even though it doesn't request sudo or create users.

Audit Metadata

Risk Level

HIGH

Analyzed

Feb 16, 2026, 12:31 AM