livekit-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes commands that pass API keys and secrets as explicit command-line arguments (e.g., --api-key / --api-secret and token creation examples, including literal devkey/secret), which require emitting secret values verbatim and thus pose direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to public, third-party content via its LiveKit MCP server tools (e.g., docs_search, get_pages, code_search, get_changelog, get_python_agent_example) which fetch and surface content from public LiveKit docs (docs.livekit.io) and repositories (e.g., GitHub) that the agent is expected to read for up-to-date information, creating a risk of indirect prompt injection.