infer-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The wizard explicitly instructs the agent to ask the user to paste read/write keys, extract credentials from pasted prompts, and insert those exact keys into config files and generated code, which requires handling and potentially outputting secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks the user to open/paste the setup prompt from the public infer.events/signup page (Entry B / Step 3) and directs the agent to extract and save credentials and endpoint from that user-provided, third‑party content which is then used to configure the MCP and drive API calls, so untrusted content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directs runtime execution of remote packages (e.g., adding an MCP server that will run "npx @inferevents/mcp" and the install step "npx skills add infer-events/skills"), which fetches and executes remote code as a required dependency for the skill to function.