opencli-operate

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill explicitly captures and can display full network requests/response bodies and operates with existing login sessions/cookies, which can expose API keys, bearer tokens, cookies or other secrets verbatim in agent output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open arbitrary URLs and ingest page content and API responses (e.g., "opencli operate open ", "opencli operate eval", "opencli operate network --detail") and gives examples using public sites like news.ycombinator.com and httpbin.org, so untrusted third‑party web content and user-generated pages can be fetched and interpreted as part of the agent's workflow.