superme
Fail
Audited by Snyk on Mar 29, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for and then embed user credentials, OTP codes, and passwords verbatim into browser-eval commands (e.g., setting input values like 'PASS'/'CODE'/'PHONE_NUMBER'), which requires the LLM to handle and output secrets directly, creating a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly fetches and parses live content from public vendor sites (e.g., shufersal.co.il orders via curl, keshet-teamim.co.il product APIs and page scrapes, rami-levy.co.il catalog APIs and Vue/Angular page components). It saves and uses those third‑party product/order texts (e.g., /tmp/superme_last_search.json) to decide which items to add to carts or wishlists (see the /superme search, /superme magicorder, and /superme add workflows), so untrusted public web content is read and can materially influence subsequent tool actions.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).