lighthouse-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and workflow explicitly show embedding API keys/JWTs and plaintext passwords directly into curl commands and an AUTH variable (e.g., "Authorization: Bearer fh_your_key_here" and sign-in payloads), which requires the agent to place secret values verbatim into generated commands/outputs, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill instructs the agent to register sites which Foghorn then crawls and audits (SKILL.md: "Foghorn crawls its sitemap, audits every page") and the agent fetches those results via the API endpoints (/pages, /pages/:id, /issues), so it consumes untrusted public website-derived content that can influence actions.