auto-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt instructs the agent to ask for or use an AUTODEV_API_KEY and gives explicit header/query/CLI examples (e.g., Authorization: Bearer {key}, ?apiKey={key}, --api-key ), which encourages embedding the user's secret verbatim into generated commands/requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md, chaining-patterns.md, interactive-explorer.md and many templates) instruct the agent to fetch and parse open/public third‑party data (e.g., /listings, /vin, /photos, /recalls, /openrecalls, /plate endpoints on api.auto.dev and auto.dev) and then act on that content (filter, enrich, make recommendations, export, call further APIs), which clearly ingests untrusted external content that can influence subsequent tool use and decisions.