admin

Fail

Audited by Snyk on Apr 17, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly extracts, saves, and uses an auth token (authToken) in files and in curl requests (echoing it into project-config.json and including it in request headers), which requires handling and embedding secret values rather than keeping them only in environment variables or secure tooling.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill mandatorily fetches and ingests external Config Service data from https://admin.hlx.page/config/{ORG}/sites.json and per-site endpoints (saved to .claude-plugin/sites-config.json and used to build URLs and drive subsequent API actions) and opens https://admin.hlx.page/login/{org}/{site} for Playwright-based authentication, so untrusted third-party content directly influences tool use and next actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 17, 2026, 06:49 AM
Issues: 2