temps-platform-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes multiple examples and commands that embed API tokens, passwords, and secret keys directly (e.g., --github-token "ghp_...", --route53-secret-key "wJalrXU...", temps login --api-key ...), which would require an agent to accept and output secret values verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes commands that fetch and execute remote code at runtime — notably curl -fsSL https://temps.sh/deploy.sh | bash (downloads and runs a remote install script) and git clone https://github.com/gotempsh/temps.git followed by build/run steps that execute repository code — which directly executes external content.