sell

Fail

Audited by Snyk on Mar 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to collect and interpolate sensitive values (e.g., admin user IDs and explicitly an AI key) directly into shell command flags like --admin-ids and --ai-key, which requires the LLM to output secrets verbatim and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime template and workflow explicitly fetch and ingest open web content (e.g., registry endpoints via registryApiUrl like /registry.json, /check/{subdomain}, /resolve/{subdomain} and CDN-hosted modules such as https://esm.sh/* shown in the import map and template.delta.html), and the responses are parsed and used to decide routing, access control, claiming, and other actions — so untrusted third-party responses can materially change the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The skill's generated web app loads and executes remote JavaScript at runtime (for example the import map points to React at https://esm.sh/stable/react@19.2.4), which is a required runtime dependency that will fetch and run third‑party code in users' browsers.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly built around SaaS subscription gating and repeatedly references Stripe billing (billing-mode flags, SubscriptionGate/SubscriptionPaywall components, "Stripe billing is phase 2", "Stripe checkout" etc.). Although the integration may be marked as "phase 2" / placeholder, the skill's primary purpose includes enforcing paid subscriptions and is explicitly tied to a payment gateway (Stripe). This meets the criterion of being specifically designed for financial operations (payment gateway/subscription billing), so it should be flagged.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 17, 2026, 04:38 AM
Issues: 4