agent-mesh-creator

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt shows and instructs passing a bearerToken directly in CLI JSON (e.g., --config-json '{"...","bearerToken":"replace-me"}'), which implies the agent will ask for secret tokens and embed them verbatim into generated commands. This is an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's required workflow and reference docs (SKILL.md, references/skill-publishing.md, and references/cli-reference.md) explicitly instruct using agent-mesh commands like "skills install <author/slug>", "skills publish", and "discover"/"call" that fetch and install user-published skills and remote agents from the public agents.hot/remote endpoints, meaning untrusted third-party content will be ingested and can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The documentation shows that agent-mesh can install skills from agents.hot (e.g., https://agents.hot/authors/{author}/skills/{slug}), and those fetched SKILL.md skill files are retrieved at runtime and directly control agent prompts/instructions, so this is a runtime external dependency that can control the agent.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 8, 2026, 04:43 PM