familysearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and encourages passing usernames/passwords on the command line (e.g., -u USERNAME -p PASSWORD and getmyancestors -u USERNAME -p PASSWORD), which requires embedding secrets verbatim in generated commands or outputs.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The code is largely a benign read-only FamilySearch client, but it intentionally ships a pre-registered third‑party OAuth client ID with a default redirect URI (misbach.github.io) which will cause the OAuth authorization code to be sent to an external domain — a clear supply‑chain/credential‑theft risk that can enable exfiltration of auth codes/tokens; no hidden exec/backdoor or remote shell is present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill programmatically fetches and emits user-generated content from public FamilySearch endpoints (e.g., /platform/tree/persons/{pid}, /platform/tree/.../memories and the public search endpoints at www.familysearch.org/service/search/), and it returns/display that arbitrary third-party data (titles, notes, descriptions, memory URLs) which the agent will read and could influence subsequent actions.