mf-module-info

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs embedding the MFContext JSON and remoteEntry URL verbatim into command-line arguments (e.g., --context ''), so if that context contains any API keys, tokens, or passwords the LLM would need to output them directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts/module-info.js explicitly fetches and parses mf-manifest.json (and, upon user request, remote @mf-types.zip or typesApi) from the resolved publicPath/remoteEntry URL — untrusted public third-party content that the agent reads and uses to determine remotes/exposes/shared and other actions.