critical
suspicious.env_credential_access
- Location
- skills/ima-skills/ima_api.cjs:31
- Finding
- Environment variable access combined with network send.
academic-pipeline-suite
AdvisoryAudited by Static analysis on May 14, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Findings (2)
critical
suspicious.exposed_secret_literal
- Location
- skills/ima-skills/knowledge-base/scripts/cos-upload.cjs:96
- Finding
- File appears to expose a hardcoded API secret or token.