skills/getcargohq/cargo-skills/cargo-cli-orchestration/Snyk

cargo-cli-orchestration

Fail

Audited by Snyk on Mar 30, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt instructs use of cargo-ai login --token (passing API tokens as command-line arguments), which would require the agent to embed a user's secret token verbatim in generated commands — a high exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Mar 30, 2026, 05:20 PM

Issues

1