Skills
skills/krishagel/geoffrey/psd-brand-guidelines/Snyk

psd-brand-guidelines

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the skill content for literal, high-entropy values that could grant access.

Findings:

  • Two Google Drive folder IDs appear as literal values:
  • 1YhjxX_pOwZJppZebIIC7QW_UHF4bvo79
  • 1ufOB6rrKDbAaH7HapdLadJzWy8ho5hTb These are random-looking, high-entropy identifiers (not placeholders) and could permit access to Drive content if the folders are shared via ID. They are not documented as placeholders and therefore are flagged as potential secrets.

Ignored items (not flagged):

  • Email address (chastained@psd401.net) — contact info, not a credential.
  • Color hex codes, font names, file paths, CSS, JSON keys, and other configuration values — not secrets.
  • No API keys, private keys (PEM blocks), bearer tokens, or complex passwords were found.

Conclusion: flagging due to the two Drive folder IDs present as literal, high-entropy identifiers.

Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:51 AM