computer-control

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes literal API-key-like examples (export ANTHROPIC_API_KEY="sk-ant-..." and api_key="sk-ant-...") and an inline api_key parameter in example code, which encourages embedding secrets verbatim in commands/code and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly captures and interprets desktop screenshots (see SKILL.md "Available Actions" -> "screenshot" and the Safety note "Claude sees the full screen via screenshots"), so it can ingest untrusted public/user-generated content displayed on the screen (web pages, social media, etc.) that could influence subsequent actions.