polardbx-zero

Fail

Audited by Snyk on Mar 23, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The API returns instance credentials and a connectionString containing the password, and the skill explicitly tells users to "Use instance.connectionString" for connections. This requires the LLM to handle, and potentially emit, secret values verbatim.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The example response contains a literal, high-entropy password value "Px$9aB3cD7eF1gH" and a connectionString that embeds the URL-encoded version ("Px%249aB3cD7eF1gH"). This is not a generic placeholder, truncated/redacted value, or a simple setup password — it looks like a real, usable credential and is directly present in the documentation. The username and connection string also expose the credential context. Therefore it should be treated as a real secret.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 23, 2026, 08:59 AM
Issues: 2