sap-btp-service-manager
Fail
Audited by Snyk on Mar 4, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes command-line, curl, and YAML examples that explicitly show inserting client secrets/tokens (e.g., --client-secret, manager.secret.clientsecret, client_secret in the OAuth curl), instructing the agent to embed secret values verbatim into commands/requests and thus creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md Quick Start and Kubernetes Operations explicitly instruct fetching and applying public third-party resources (e.g., "kubectl apply -f https://github.com/cert-manager/.../cert-manager.yaml", downloading SMCTL/BTP CLI releases from GitHub, adding helm repos, and reading API/SMCTL JSON responses like smctl get-binding), so the agent will ingest untrusted public web content (GitHub, release pages, swagger/API responses) as part of its workflow, and those responses can materially influence subsequent tool use and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit runtime commands that fetch and execute remote manifests/charts (e.g., "kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml"), which downloads and applies remote Kubernetes manifests as a required prerequisite for the operator, so the URL directly causes remote code to be executed during runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit commands that require elevated privileges (e.g., "sudo mv smctl /usr/local/bin") and instructions to install binaries and cluster components, which modify host and cluster state and thus direct the agent to change the machine's configuration.
Audit Metadata