auth-helper

Fail

Audited by Snyk on Feb 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to ask the user to provide their dex_cookie and to embed that exact value in commands/env assignments and Cookie headers (or copy/paste it), which requires the LLM to handle and output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill instructs the agent/user to obtain a cookie from the public site https://www.alph.ai and to call/read responses from the external API (e.g., https://b.alph.ai/smart-web-gateway/...), and those third-party responses are parsed and used to drive decisions (e.g., proceed with orders or prompt re-login) as part of the required workflow, so untrusted external content can influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for a trading platform (Alph.ai) and guides obtaining and storing the exact authentication token (dex_cookie) required to call authenticated trading and order-management APIs. It documents how to include the cookie in API requests, provides a curl example for an authenticated endpoint, and lists actions that require auth including "Place orders (buy/sell)", "Limit/pending orders", "Copy trading", and "Wallet management". Its primary and explicit purpose is to enable authenticated trading operations, so it qualifies as granting Direct Financial Execution authority.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 25, 2026, 03:50 AM