auto-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask the user for their API key if AUTODEV_API_KEY is not set and explicitly documents embedding that key verbatim in Authorization headers or query-string parameters, which requires the LLM to handle/output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests public, third‑party data (e.g., /listings, /vin, /recalls, /photos, /plate and external VDP/Carfax/photo URLs) as shown in SKILL.md, chaining-patterns.md, interactive-explorer.md and code-patterns.ts, and those untrusted listing/recall/photo/VDP contents are read and used to drive filtering, enrichment, recommendations, exports, and follow-up API calls—meeting the criteria for indirect prompt-injection risk.