deepspace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes a non-interactive CI login pattern that passes a plaintext password on the command line (npx deepspace login --email --password ), which encourages embedding secrets verbatim in commands and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs runtime calls to open/public third‑party integrations (e.g., integration.post('/') in references/integrations.md, image-generation calls like integration.post('freepik/generate-image-flux-dev', ...) in references/landing-design.md, and the streamed /api/ai/chat in references/ai-chat.md) and then reads and acts on those responses (requiresOAuth flows, returned authUrl, LLM/image responses, tokens) as part of normal workflows, so untrusted third‑party content can materially influence tool use and next actions.