crunch-compete

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires including a token as a command-line argument (crunch setup ... --token <TOKEN>), which forces the agent to output or handle the secret verbatim (and would expose it in command history), so it is insecure credential handling.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Most links (docs, hub, GitHub API) are normal documentation/repo endpoints, but the skill explicitly instructs piping a remote shell script (https://astral.sh/uv/install.sh) into sh — a high-risk pattern because remote .sh installers can execute arbitrary code and be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly fetches quickstarter code from the public GitHub API ("curl https://api.github.com/repos/.../quickstarters") and instructs the agent to read and interpret quickstarter code and README/SKILL.md files to drive explanations and improvement/submit actions, exposing it to untrusted third‑party content that can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime setup commands that fetch and execute remote code (notably curl -LsSf https://astral.sh/uv/install.sh | sh and git clone https://github.com/crunchdao/crunch-synth.git followed by pip install), so these external URLs are required setup dependencies that execute remote code.