andromeda-messages

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds an explicit bearer token ("Authorization: Bearer andromeda25") in several curl examples and instructs using it for API calls, which requires the model to include that secret verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and lists user-generated nodes from the public site https://www.mishabuloichyk.com (e.g., GET /api/andromeda?galaxy=...), and those arbitrary third‑party messages are read/presented and could influence subsequent actions, so they could carry indirect prompt injection.