pb-react-spa
Fail
Audited by Snyk on Feb 25, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill instructs embedding the superuser email and password directly into the pocketbase-typegen CLI command and an npm script (e.g., --email ... --password yourpassword), which requires the agent to handle and output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's deployment instructions (references/deployment.md) include required shell commands that query the public GitHub API and download PocketBase release artifacts (e.g., the curl + GitHub releases download in the "Binary Mode" section), which fetches untrusted third-party content that the workflow uses to decide what binary to download and run.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill contains runtime install commands that fetch and run a remote PocketBase binary (e.g., curl -sL "https://github.com/pocketbase/pocketbase/releases/download/v${VERSION}/pocketbase_${VERSION}_${OS}_${ARCH}.zip" ... && unzip ... && ./pocketbase serve), which downloads and executes remote code required by the skill.