remix-api-reference

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires adding an Authorization header ("Authorization: Bearer <api_key>") to API requests, which forces the agent to substitute and emit the actual secret token verbatim when constructing calls.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to fetch the OpenAPI spec at https://api.remix.gg/docs/json at runtime and to use that spec as the authoritative contract for API methods/paths/params, which means external content directly controls the agent's instructions and behavior.