project-idea-validator

Fail

Audited by Snyk on Apr 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes and instructs use of a literal-looking API key (sk-tinyfish-...) in example commands and env var settings, which causes the agent to output or propagate a secret verbatim and thus creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run TinyFish against public GitHub and Dev.to search URLs (see "Step 1 — Search GitHub" and "Step 2 — Search Dev.to" with tinyfish agent run --url "https://github.com/search?q=..." and "...dev.to/search?q=..."), ingesting untrusted, user-generated content and using it to drive synthesis and verdicts—allowing third‑party content to materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill calls TinyFish at runtime to fetch and extract live content from external pages (e.g. https://github.com/search?q=&type=repositories&s=stars&o=desc and https://dev.to/search?q=), and then directly injects that fetched JSON/content into the agent's synthesis step—i.e., runtime-fetched external content is used as required input to control the agent's outputs.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The documentation contains a high-entropy, fully-formed API key value used verbatim in multiple example environment variables and settings: sk-tinyfish-k7KpC3TypJEAwK4j1yN0Ww7yB8h7VPLg

This is not a placeholder (not "sk-xxxx" or truncated), not an obvious low-entropy example, and matches the pattern of usable API keys. It appears directly in the docs and therefore should be treated as a real credential. Recommend removing the exposed key, rotating it immediately, and replacing examples with a placeholder like YOUR_TINYFISH_API_KEY.

Issues (4)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 24, 2026, 10:19 AM
Issues: 4