accessing-cloud-storage

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes code examples that embed credentials inline (e.g., s3fs.S3FileSystem(key='AKIA...', secret='...', token='...')), which instructs handling secrets verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows runtime code that reads arbitrary remote data (e.g., fsspec open on "https://example.com/...", fsspec/pyarrow/obstore access to s3://, gs://, az:// paths and the incremental loading pattern that calls process_file on listed files), which means untrusted public URLs or user-generated cloud objects would be ingested and could materially influence processing/decisions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 06:13 PM
Issues: 2