sydney-commute

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to share their TfNSW API key and shows a shell snippet that embeds the key verbatim into ~/.config/sydney-commute/credentials.json (and instructs the agent to save and confirm the key), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime (scripts/commute.py) fetches and parses live data from third-party public services — e.g., TfNSW API at https://api.transport.nsw.gov.au/v1/tp (fetch_trip/fetch_departures/fetch_stops), Nominatim (forward/reverse geocoding), and ip-api.com for IP geolocation — and those JSON responses are directly interpreted to choose stop IDs, departures, journey legs, and next actions, so untrusted external content can materially influence behavior.