trinity-onboard

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user for their Trinity API key and instance URL and instructs the agent to write those exact values into files (.env and .mcp.json) and include them in configuration, which requires emitting secrets verbatim and therefore is insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly directs the agent to connect to a user-specified Trinity instance (via .mcp.json / the Trinity URL and API key in STEP 4) and to call MCP endpoints (e.g., mcp__trinity__deploy_local_agent and heartbeat/status checks in STEP 5 and the Heartbeat Pattern), meaning it will fetch and interpret untrusted third-party responses from that remote server, which can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's .mcp.json config runs "npx mcp-remote [TRINITY_URL]/mcp" at runtime, which causes npx to fetch and execute the external mcp-remote package and contact the runtime endpoint "[TRINITY_URL]/mcp" — a required external dependency that executes remote code.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 11:46 PM