cliproxyapi-manager-skill

Fail

Audited by Snyk on May 2, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples and commands that embed management and upstream API keys directly (e.g., --key "MANAGEMENT_PASSWORD", --api-key 'sk-or-v1-...', and Authorization: Bearer <MANAGEMENT_KEY>) and instructs saving management passwords. This can lead an agent to request and echo secrets verbatim, even though safer env-var / prompt alternatives are mentioned.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses JSON from a user-configured Management API (e.g., GET /config, /auth-files, /openai-compatibility, and the raw command that accepts absolute URLs). The agent code and usage guide (SKILL.md, references/agent-usage-guide.md, and cmd_list_aliases and cmd_raw in scripts/cliproxyapi_manager.py) treat that untrusted, user-provided content as input that can drive decisions and subsequent API calls, which creates indirect prompt-injection risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes an explicit PowerShell execution-policy bypass and exposes commands to modify or replace service configuration and to delete sensitive API keys and auth files via the management API. These can compromise the local service and machine state, even though the skill doesn't request sudo or create OS users.

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: May 2, 2026, 07:19 AM
  • Issues: 3