sprites-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly demonstrates reading a Tailscale auth key with op read and embedding it into a -env "TS_AUTHKEY=$TS_AUTHKEY" command-line invocation, which requires the secret to be placed verbatim into a command and therefore risks exfiltration.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Although hosted on GitHub raw content, this is a direct .sh installer from an individual’s dotfiles repo and the skill instructs piping it to bash — executing unreviewed shell code from an unverified user is high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the SKILL.md "Install Dotfiles" step explicitly runs curl -fsSL https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh | bash inside a Sprite, meaning the skill fetches and executes arbitrary public GitHub (user-generated) content that the agent relies on for tooling and could therefore supply instructions that influence future actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.95). The skill explicitly runs a remote install script at runtime via curl -fsSL https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh | bash on the Sprite, which fetches and immediately executes remote code that the skill declares is required for agent tooling.