astro-expert
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The mandatory Memory Protocol instructs the agent to run "cat .claude/context/memory/learnings.md" before starting, which forces it to output the contents of a local file (potentially containing API keys/secrets) verbatim and thus creates an exfiltration risk, even though other parts recommend environment-variable handling.
Audit Metadata