models-config

Fail

Audited by Snyk on Mar 4, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit API keys/tokens in its examples and instructs the agent to pass API keys as command-line arguments and to embed them in curl headers or config files. This requires the LLM to handle and output secret values verbatim, and a key passed on a command line is additionally exposed to shell history and to any local process listing.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's update-prices workflow (SKILL.md and update-prices.ts) explicitly fetches and ingests JSON from the public URL https://models.dev/api.json and uses that untrusted third-party data to update local models.json cost fields, which can materially influence model selection and behavior.
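One way to consume https://models.dev/api.json as untrusted input, added here as an example and not the skill's own update-prices.ts. Both the local models.json and the remote payload are constructed inline. The feed is parsed, only cost.input and cost.output of models that already exist locally may change, values must be finite non-negative numbers within a sanity bound, and a price jump beyond a fixed ratio (or a free model becoming paid) is held for human review instead of being written. The field names, the bound and the ratio are assumptions for this example.

```typescript
// Added example (not the skill's own update-prices.ts): apply prices from an untrusted
// JSON feed to a local models.json with validation, an allowlist of writable fields,
// and a review gate for suspicious changes. All data below is constructed.

interface LocalModel {
  id: string;
  cost: { input: number; output: number }; // USD per million tokens (assumed unit)
}
type LocalConfig = Record<string, LocalModel>;

// The only fields the remote feed is allowed to overwrite.
const COPYABLE: Array<"input" | "output"> = ["input", "output"];
// Sanity ceiling on a price; anything above is rejected, not clamped (assumed bound).
const MAX_COST = 1000;
// A price moving by more than this factor is not applied without human review (assumed).
const MAX_RATIO = 5;

interface Rejection { id: string; reason: string }
interface Result { updated: LocalConfig; changed: string[]; rejected: Rejection[] }

function isSanePrice(v: unknown): v is number {
  return typeof v === "number" && isFinite(v) && v >= 0 && v <= MAX_COST;
}

// True when the change is large enough that a human should look before it lands.
function needsReview(oldPrice: number, newPrice: number): boolean {
  if ((oldPrice === 0) !== (newPrice === 0)) return true; // free <-> paid flip
  if (oldPrice === 0) return false;                        // both zero, nothing to do
  return newPrice / oldPrice > MAX_RATIO || oldPrice / newPrice > MAX_RATIO;
}

function applyRemotePrices(local: LocalConfig, remoteText: string): Result {
  const changed: string[] = [];
  const rejected: Rejection[] = [];
  // Work on a copy so the caller's config is never left half-updated.
  const updated: LocalConfig = JSON.parse(JSON.stringify(local));

  let remote: unknown;
  try {
    remote = JSON.parse(remoteText);
  } catch {
    return { updated: local, changed, rejected: [{ id: "*", reason: "remote body is not JSON" }] };
  }
  if (typeof remote !== "object" || remote === null || Array.isArray(remote)) {
    return { updated: local, changed, rejected: [{ id: "*", reason: "remote root is not an object" }] };
  }
  const feed = remote as Record<string, unknown>;

  // Iterate over local ids only: the feed cannot add models or touch other keys.
  for (const id of Object.keys(updated)) {
    const entry = feed[id];
    if (entry === undefined) continue; // no remote data, keep the local price
    if (typeof entry !== "object" || entry === null) {
      rejected.push({ id, reason: "entry is not an object" });
      continue;
    }
    const cost = (entry as Record<string, unknown>).cost;
    if (typeof cost !== "object" || cost === null) {
      rejected.push({ id, reason: "missing cost object" });
      continue;
    }
    for (const key of COPYABLE) {
      const v = (cost as Record<string, unknown>)[key];
      if (v === undefined) continue;
      if (!isSanePrice(v)) {
        rejected.push({ id, reason: "cost." + key + " is not a finite price in range" });
        continue;
      }
      const old = updated[id].cost[key];
      if (needsReview(old, v)) {
        rejected.push({ id, reason: "cost." + key + " " + old + " -> " + v + " needs review" });
        continue;
      }
      if (v !== old) {
        updated[id].cost[key] = v;
        changed.push(id + ".cost." + key + ": " + old + " -> " + v);
      }
    }
  }
  return { updated, changed, rejected };
}

// Constructed local models.json.
const LOCAL: LocalConfig = {
  "model-a": { id: "model-a", cost: { input: 3, output: 15 } },
  "model-b": { id: "model-b", cost: { input: 2, output: 8 } },
  "model-local": { id: "model-local", cost: { input: 0, output: 0 } },
};

// Constructed remote payload standing in for api.json, with a few hostile entries.
const REMOTE = JSON.stringify({
  "model-a": { cost: { input: 3.5, output: 15 } },              // ordinary update
  "model-b": { cost: { input: 0.001, output: "8" } },           // 2000x drop; wrong type
  "model-local": { cost: { input: 0.2, output: 0.4 } },         // free model made paid
  "model-evil": { cost: { input: 0, output: 0 }, tools: true }, // unknown id, ignored
});

const result = applyRemotePrices(LOCAL, REMOTE);
console.log("applied:", result.changed);
console.log("held for review / rejected:", result.rejected);
```

The point of iterating over the local ids rather than the remote ones is that the feed can never introduce a model, a field or a key the local config did not already declare; anything it wants to change beyond the two allowlisted numbers is simply not read. The review queue is what keeps an attacker who controls the feed from silently making an expensive model look free.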

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The document contains a high-entropy API key string of the form sk-XvsJ…ZRNt (redacted). It is embedded directly as ANTHROPIC_AUTH_TOKEN in the environment block and is used in the curl examples and in the test invocation. In the skill content it is not a placeholder (e.g., "sk-xxx" or "YOUR_API_KEY"), not truncated or redacted, and not a simple setup password; it appears to be a real, usable credential. Other simple example values such as "proxypal-local" are low-entropy local placeholders and are ignored.
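Detection logic for the two credential findings on this page (W007 and W008), as an added example that is not part of the audited skill or of Snyk's analyzer. It scans a constructed SKILL.md excerpt line by line: a token is reported as a secret only when it is long, its body has high Shannon entropy and it is not one of the known placeholder forms, while any instruction that passes a key on a command line or inside a curl header is reported as insecure handling whether the value is a placeholder or not. The "sk-" token shape, the placeholder list, the regexes and the entropy threshold are assumptions for this example, and the key in the sample is made up.

```typescript
// Added example (not from the audited skill or from Snyk): line-oriented detection of
// embedded secrets (W008) and insecure credential handling instructions (W007).

interface Finding {
  rule: "W007" | "W008";
  line: number;
  detail: string;
}

// Placeholder forms that must never be reported as live secrets (assumed list).
const PLACEHOLDER = /^(sk-)?(x{3,}|your[_-]?api[_-]?key|<[^>]*>|\$\{?[A-Z_]+\}?|\.\.\.)$/i;
// Token shape assumed for this example: an "sk-" prefix followed by a key body.
const TOKEN = /sk-[A-Za-z0-9_-]{3,}/g;
// Instructions that put a key on a command line (visible in shell history and `ps`).
const CLI_ARG = /(^|\s)--?(api[-_]?key|token|auth[-_]?token)[= ]\S+/i;
// Instructions that put a key in a curl header on the command line.
const CURL_HEADER = /-H\s+["']?(authorization|x-api-key)\s*:/i;

// Shannon entropy of a string in bits per character.
function entropy(s: string): number {
  const counts: Record<string, number> = {};
  for (const ch of s.split("")) counts[ch] = (counts[ch] || 0) + 1;
  let h = 0;
  for (const ch of Object.keys(counts)) {
    const p = counts[ch] / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  }
  return h;
}

// A token is treated as a usable secret when it is not a placeholder, is long enough,
// and its body has high entropy (length and threshold are assumptions).
function looksLikeLiveKey(token: string): boolean {
  if (PLACEHOLDER.test(token)) return false;
  const body = token.replace(/^sk-/, "");
  return body.length >= 20 && entropy(body) >= 3.5;
}

// Shorten a secret for reporting so the finding itself does not leak it.
function redact(token: string): string {
  return token.slice(0, 7) + "..." + token.slice(-4);
}

function scanSkill(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split("\n").forEach((line, i) => {
    const n = i + 1;
    for (const m of line.match(TOKEN) || []) {
      if (looksLikeLiveKey(m)) {
        findings.push({ rule: "W008", line: n, detail: "high-entropy key " + redact(m) });
      }
    }
    if (CLI_ARG.test(line)) {
      findings.push({ rule: "W007", line: n, detail: "API key passed as a command-line argument" });
    }
    if (CURL_HEADER.test(line)) {
      findings.push({ rule: "W007", line: n, detail: "API key embedded in a curl header" });
    }
  });
  return findings;
}

// Constructed SKILL.md excerpt with the shapes the audit describes; the key is made up.
const SAMPLE_SKILL = [
  "# models-config",
  "export ANTHROPIC_BASE_URL=http://localhost:8317",
  "export ANTHROPIC_AUTH_TOKEN=sk-Q7mT2kLp9xVb4RzWcN8sJhGdF3yEaUo6tKiXvB1nMw5rPc",
  'curl -H "Authorization: Bearer sk-Q7mT2kLp9xVb4RzWcN8sJhGdF3yEaUo6tKiXvB1nMw5rPc" http://localhost:8317/v1/models',
  "bun run test.ts --api-key sk-xxx",
].join("\n");

for (const f of scanSkill(SAMPLE_SKILL)) {
  console.log(f.rule + " line " + f.line + ": " + f.detail);
}
```

Two design choices matter here. The W007 checks fire on the handling pattern, not on the value, because the instruction to put a key on the command line is the defect even when the example uses "sk-xxx". The W008 check combines three signals (shape, length, entropy) and then redacts what it reports, since a scanner that copies the full secret into its own output recreates the problem it was written to find.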
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 06:08 AM