moviepilot-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for a backend API key and then run commands embedding it (e.g., node scripts/mp-cli.js -h <HOST> -k <KEY>), which forces the LLM to include secret values verbatim in generated CLI commands, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts show the CLI calls a configured backend (mpHost) and uses endpoints like search_torrents and get_search_results which return filter_options and torrent results (sourced from torrent sites/online communities) that the agent must present, interpret, and act on (e.g., choose filters, call add_download), so untrusted third‑party content can directly influence decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to the configured backend (e.g. https://<MP_HOST>/api/v1/mcp/tools, https://<MP_HOST>/api/v1/mcp/tools/, and POST https://<MP_HOST>/api/v1/mcp/tools/call) to load JSON command definitions that determine available commands/parameters and to invoke remote tool execution, so fetched external content directly controls the CLI's behavior and is a required runtime dependency.