agent-reach

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to accept and use user cookies/tokens (e.g., xsec_token, cookies) and to call CLI/API commands that include those values (mcporter calls, cookie flags), which requires embedding secret values verbatim in generated commands/requests and thus creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and reads arbitrary public web pages and user-generated social content (see SKILL.md sections "Web — Any URL" and platform integrations like Twitter/X, Reddit, YouTube, WeChat Articles, RSS, etc.) and instructs the agent to read/interpret links and perform actions (e.g., "read this link", "post, comment, or interact"), allowing untrusted third-party content to influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses curl -s "https://r.jina.ai/URL" at runtime to fetch arbitrary remote page content which is then injected into the agent's context (i.e., the model prompt), so external content fetched from https://r.jina.ai/URL can directly control prompts or contain instructions.