cmux

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples and commands that embed plaintext credentials directly (e.g., cmux computer fill ... "password123"), which instructs the agent to include user passwords/secrets verbatim in generated commands or automation.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's browser-automation commands (e.g., "cmux computer open " and the "Scrape data" workflow in SKILL.md that opens arbitrary URLs like "https://example.com/data" and uses snapshot/screenshot to extract and act on page content) explicitly fetch and ingest open/public web pages that the agent is expected to interpret and act upon, exposing it to untrusted third-party content.