adynato-aimake

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's examples demonstrate embedding an Authorization: Bearer YOUR_API_KEY header directly in fetch calls, which encourages including API keys/secrets verbatim in generated requests or code and thus creates an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetches to aimake MCP endpoints (e.g., https://your-aimake-instance/mcp/manifest and POST https://your-aimake-instance/mcp/tools/:name such as https://your-aimake-instance/mcp/tools/search_code_text) which execute remote tools and return content that can directly control agent behavior, so these are runtime external dependencies that execute remote code.