stream-react-native

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires the agent to "resolve" Stream API keys, user tokens, and possibly run Stream CLI calls to create demo data before connecting the Chat UI, which implies the agent will need to obtain and embed secret values (API keys/tokens) in commands or generated connection code — an explicit exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly requires fetching and parsing live public docs (see references/DOCS.md which lists https://getstream.io/.../llms.txt and RULES.md / builder.md which mandate "fetch the selected markdown page" from the manifest) so the agent will ingest untrusted, user-accessible third‑party webpages and act on their contents (versions, install steps, runtime decisions).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching the llms.txt manifests at runtime and using their fetched markdown pages to determine installation and implementation instructions (https://getstream.io/chat/docs/sdk/react-native/llms.txt, https://getstream.io/chat/docs/react-native/llms.txt), so these external URLs are runtime dependencies that directly control agent prompts and generated code.