skills/l3digital-net/claude-code-plugins/step-ca/Snyk

step-ca

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt instructs privileged, system-level actions—e.g., sudo systemctl start/restart, installing a root CA into the OS trust store, chown and editing /etc/step-ca/config/ca.json—which modify system state and require elevated privileges, so it pushes the agent toward compromising the host.

Issues (1)

W013

MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 18, 2026, 01:38 PM

Issues

1