vite-flare-starter

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt asks the agent to collect Google OAuth credentials and instructs copying/piping them into .dev.vars and npx wrangler secret put commands (e.g., echo "your-client-secret" | npx wrangler secret put ...), which requires handling or embedding secret values verbatim in generated output/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (references/setup-pattern.md and SKILL.md Step 2) instructs the agent to git clone the public GitHub repo https://github.com/jezweb/vite-flare-starter.git and read/modify files (wrangler.jsonc, package.json, index.html, etc.), so untrusted third-party repository content is ingested and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup explicitly runs a runtime git clone of the repository (git clone https://github.com/jezweb/vite-flare-starter.git) and then instructs running setup/install/deploy commands (e.g., setup.sh, pnpm install, pnpm run ...) so remote repository code is fetched at runtime and executed as a required dependency.