emrah-skills

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for sensitive values (e.g., "What is the Supabase URL and anon key?") and to place them into project config/.env or generated files, which requires the LLM to handle and potentially output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs Copilot to fetch and parse a user-provided Swagger/OpenAPI spec URL (see the Data Source section: "When a Swagger/OpenAPI spec URL is provided, Copilot fetches the spec, reads endpoints & schemas..."), meaning the agent will ingest arbitrary third-party web content that can directly influence code generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly says Copilot will fetch a user-provided Swagger/OpenAPI spec URL at runtime and "reads the spec and writes service files & types" (e.g., the user-supplied spec URL such as https://api.example.com/openapi.json), so remote spec content directly controls the agent's code-generation instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates in-app payment APIs and purchase flows (expo-iap). It defines product SKUs, a Paywall screen, PurchasesProvider that calls getAvailablePurchases(), requestPurchase(), finishTransaction(), restorePurchases(), drainPendingTransactions(), and refreshPremiumStatus() — i.e., code to initiate and finalize monetary transactions/subscriptions. These are specific financial execution functions (sending/acknowledging purchases), so this skill grants direct financial execution capability.