Skills
skills/mukul975/anthropic-cybersecurity-skills/configuring-identity-aware-proxy-with-google-iap/Snyk

configuring-identity-aware-proxy-with-google-iap

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes examples that embed OAuth client IDs/secrets directly (e.g., --oauth2-client-secret=CLIENT_SECRET and IAP_CLIENT_ID="...") and uses CLI arguments/constants where real secrets would be substituted, which encourages the LLM to output secrets verbatim.

Issues (1)

W007
HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 07:56 AM
Issues
1