installing-apps-tools-and-services

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly instructs creating .env and compose files by pulling secrets from ~/.config/zshyzsh/secrets.zsh and embedding them into DATABASE_URL/API_KEY/SECRET_KEY fields (and shows examples with inline passwords), which would require the agent to read and place secret values verbatim into generated output—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs cloning and inspecting arbitrary GitHub repositories and public documentation (e.g., "git clone ", "gh repo clone ", "Check main GitHub repository (README, installation docs)" and using curl against public endpoints), which exposes the agent to untrusted, user-generated third‑party content that it will read and act on.