Skills
skills/opensearch-project/opensearch-agent-skills/opensearch-launchpad/Snyk

opensearch-launchpad

Fail

Audited by Snyk on Apr 21, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly tells the agent to ask for credentials (OpenSearch basic auth and "Ask for AWS credentials for Bedrock") and to retry commands with a custom auth mode or populate env vars (OPENSEARCH_PASSWORD placeholders), which implies the LLM will be expected to accept and embed secret values verbatim into commands or configuration — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's required workflow and docs show the agent fetching and ingesting public web content (e.g., document_processing_guide.md demonstrates Docling.convert("https://...") for arbitrary URLs) and the agentic search guide / MCP server configs include WebSearch/DuckDuckGo tools that the agent uses to retrieve web content which it then reads and acts on, so untrusted third‑party content can directly influence actions.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Apr 21, 2026, 06:20 PM
Issues
2