cruncher-skill
Fail
Audited by Snyk on Feb 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt explicitly shows a setup command using --token and instructs the user to obtain a token, which encourages inserting an actual secret into a CLI command (a pattern that can require the LLM to output the secret verbatim and poses an exfiltration risk).
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads public, user-maintained quickstarter code and README files from GitHub (see the curl to the GitHub API and "show quickstarters" mapping) and expects the agent to read and interpret that untrusted third-party content as part of its workflow, enabling indirect prompt injection risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill fetches quickstarter code at runtime from the GitHub API (curl -s "https://api.github.com/repos/crunchdao/competitions/contents/competitions//quickstarters"), which would be injected into the agent's context to drive explanations and behavior, meeting the criteria for remote content directly controlling prompts.