http-client

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The usage examples show embedding an Authorization: Bearer token directly in command-line headers, which encourages the LLM to output secret values verbatim in generated commands and therefore creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill accepts an arbitrary URL (args.url) and uses requests.request(...) to fetch remote HTTP responses which it then parses and prints (format_response reads response.text and response.json()), so it clearly ingests untrusted public third‑party content provided via arbitrary URLs.