setup-coordinator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs exporting and passing API keys as CLI arguments (e.g., --api-key and export COORDINATION_API_KEY) and even printing environment key/value pairs, which requires the agent to include secret values verbatim in commands/output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md Web/Cloud Path (Step 4 and Railway cloud subsection) explicitly instructs the tool to call an externally supplied COORDINATION_API_URL (e.g., curl "$COORDINATION_API_URL/health" and python scripts/coordination_bridge.py detect) and then uses those HTTP responses to set COORDINATOR_AVAILABLE and CAN_* flags that control hook activation and runtime behavior, so responses from an external/public coordinator could materially influence agent actions.