authoring

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly reads an authToken from .claude-plugin/project-config.json and instructs constructing and running curl commands with -H "x-auth-token: ${AUTH_TOKEN}", which requires embedding the secret verbatim in generated commands/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly mandates calling the public Config Service API (https://admin.hlx.page/config/${ORG}/sites.json and per-site JSON endpoints) and consuming those JSON fields (site list, content.source.url/type, etc.) to drive site discovery, URL construction, and further actions, so untrusted third-party responses can materially influence the agent's decisions and tool use.