skills/signet-ai/signetai/signet/Snyk

signet

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs retrieving secrets (e.g., signet secret get OPENAI_API_KEY and curl .../api/secrets/OPENAI_API_KEY), which requires the agent to access and potentially output secret values verbatim, posing a high exfiltration risk.

Issues (1)

W007

HIGH

Insecure credential handling detected in skill instructions.

Audit Metadata

Risk Level

HIGH

Analyzed

Apr 9, 2026, 04:53 PM

Issues

1