Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-incident-runbook/Snyk

coderabbit-incident-runbook

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The runbook contains commands that read and print secrets (kubectl get secret ... | base64 -d) and update secrets via --from-literal=api-key=NEW_KEY, which require handling and embedding API key values verbatim and thus risk exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and interpreting the public CodeRabbit status page (curl https://status.coderabbit.com) as part of the triage and decision tree, so untrusted third-party page content can materially influence remediation actions.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 12, 2026, 01:45 AM
Issues
2