hyperexecute-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that place LT_USERNAME/LT_ACCESS_KEY into YAML and into a command-line invocation (--user / --key), which encourages embedding secrets into generated commands/outputs (direct CLI args) and thus risks secret exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly downloads and executes a remote CLI binary from URLs such as https://downloads.lambdatest.com/hyperexecute/linux/hyperexecute (via curl -O ...; chmod +x; ./hyperexecute), so this external content is fetched at runtime and executes remote code that the skill depends on.