solo-deploy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples that embed secret values in CLI commands (e.g., fly secrets set VARIABLE_NAME=value, vercel env add NAME production <<< "value"), which would require the agent to output secret values verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects the live deployment URL (Step 5: curl to get STATUS and BODY) and tails remote platform logs (Step 6: vercel/wrangler/fly logs), so it ingests arbitrary public third‑party content and uses that content to decide redeploys or pipeline signals.