skills/jiannx/agent-skills/nocobase-bugfix/Snyk

nocobase-bugfix

Fail

Audited by Snyk on Apr 29, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to resolve NOCOBASE_TEST_API_TOKEN from .env/environment and use it in a curl Authorization header (Bearer ...), which requires embedding a secret verbatim in generated requests/commands and is an exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 29, 2026, 01:52 AM

Issues

1