Keycloak
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt contains many explicit plaintext secrets and examples (env vars like KEYCLOAK_ADMIN_PASSWORD=admin, POSTGRES_PASSWORD=password, client-secret/session-secret, curl with password) and instructs copying/placing client secrets into configs/commands, which would encourage an agent to handle or emit secret values verbatim.
Audit Metadata