clerk-swift

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires asking for and then wiring a developer-provided "publishable key" plainly into app configuration (Clerk.configure) and forbids indirection, which forces the agent to accept and output a secret/credential verbatim in code—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md steps 7, 8, 10 and multiple Execution Gates) mandates visiting the iOS quickstart markdown URL found in the installed clerk-ios package README (public clerk.com docs) and calling/consuming the /v1/environment response, and it explicitly instructs the agent to read and act on those external pages/responses to decide capabilities, associated domains, and implementation steps—exposing the agent to public third‑party content that can change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires the agent at runtime to fetch and read the iOS quickstart markdown (e.g., https://clerk.com/docs/ios/getting-started/quickstart.md) from the installed package README and then compile/apply its checklist, so remote content would directly control agent instructions and required code changes.