llmer-demo

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to read target files (which may include "email/credentials"), to write those values as script constants or env entries, and to prompt for OTPs/user secrets and place them into .input-value, which requires emitting secret values verbatim in generated code/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Run Flow and recording library explicitly navigate and interact with arbitrary target URLs (from .demoflow/targets/*.md or inline scenario descriptions) using launchWithRecording and runSteps (SKILL.md "Run Flow" steps and lib/browser.js), capture page content/HAR, and extract values via save/exec steps—so untrusted public webpages can be fetched and their content interpreted to drive subsequent actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 10, 2026, 12:51 AM
Issues: 2