setup-gcx

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains explicit examples that set API tokens and plaintext passwords directly in CLI commands and config fields (e.g., gcx config set ... token glsa_... and ...password mysecretpassword), which instructs an agent to embed secret values verbatim in its output/commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly performs live HTTP calls to user-specified Grafana servers (e.g., auto-discovery via the /bootdata endpoint described in "Namespace note" / "Namespace resolution" and commands like gcx resources get dashboards / gcx datasources list) which ingest untrusted third-party content and use it to determine namespaces and drive subsequent API/tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's installation step runs: git clone --depth 1 https://github.com/grafana/gcx.git && (cd "$tmp" && go install ./cmd/gcx), which fetches code from https://github.com/grafana/gcx.git at runtime and builds/installs (executes) that remote code, so it is a runtime external dependency that executes remote code.