iblai-auth
Fail
Audited by Snyk on Apr 1, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the assistant to ask the user for their platform/tenant key and then pass that value verbatim into CLI commands and .env (e.g., iblai add auth --platform <tenant-key> / NEXT_PUBLIC_MAIN_TENANT_KEY), requiring the LLM to handle and output the secret identifier directly.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs users to install/run the iblai CLI by cloning and installing code from https://github.com/iblai/iblai-app-cli.git (and/or downloading binaries from https://github.com/iblai/iblai-app-cli/releases/latest), which fetches remote code that is then executed as part of the setup/runtime dependency.
Issues (2)
W007
HIGH Insecure credential handling detected in skill instructions.
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata