appwrite-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt documents CLI commands like --value <VALUE>/create-variable that require embedding secret/credential values as command-line arguments, which would force the LLM to include those secrets verbatim in generated commands.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions include a curl | bash command that fetches and executes remote code (https://appwrite.io/cli/install.sh), which would run arbitrary code during setup and is presented as a required installation path for the CLI.