voluum-setup-install

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows and encourages passing access keys and session tokens directly as command-line arguments (and placeholders to be filled verbatim), which requires the model to handle or reproduce secret values in output and is an insecure pattern.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Install from source instructions clone and build code from https://github.com/markab21/voluum-cli.git and then run it (bun run build / node dist/index.js), so that external GitHub repository is fetched at runtime and executes remote code.