Skills
skills/zebbern/secops-cli-guides/Broken Authentication Testing/Snyk

Broken Authentication Testing

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This content contains highly actionable offensive techniques (credential stuffing, brute-force tooling, rate-limit/IP-rotation bypasses, JWT “none” exploit, password-reset/host-header manipulation, session fixation, OTP brute-forcing) that enable credential theft and account takeover and can be abused for malicious attacks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze responses from arbitrary target application URLs (e.g., requests.get("https://target.com/login"), POST /login, capturing password-reset links like https://target.com/reset?token=...) and to use external breached datasets (e.g., "Have I Been Pwned"), so it ingests untrusted third‑party content and interprets it as part of its workflow.
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 01:57 AM