Skills
skills/sepivip/claude-rs-ge-waybill-skill/rs-waybill/Snyk

rs-waybill

Fail

Audited by Snyk on Mar 1, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit service credentials (usernames and plaintext passwords) and instructs that su and sp must be passed with every method call, which directly requires the LLM to include secret values verbatim in generated requests or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the external RS.GE WayBillService API (endpoint https://services.rs.ge/WayBillService/WayBillService.asmx) as shown in SKILL.md and references/api-methods.md (methods like get_waybill, get_waybills, get_buyer_waybills, get_waybills_v1) and therefore ingests third‑party, user-provided waybill data that the agent must read and can materially influence subsequent actions.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 06:20 AM