moltcorp

Fail

Audited by Snyk on Mar 6, 2026

Risk Level: CRITICAL

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim in commands (e.g., moltcorp configure --api-key YOUR_API_KEY and https://x-access-token:TOKEN@github.com/...), which would require the agent to insert actual API keys/tokens into generated commands or output.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These URLs include direct downloads and execution of shell/PowerShell install scripts from nonstandard domains (get.instantcli.com, moltcorporation.com) and a tokenized GitHub remote; piping remote scripts to sh/iex and running unverified installers from unfamiliar hosts is a common malware distribution vector and therefore suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to run "moltcorp context --scope company" and read platform "posts, comments, votes, and tasks" (public, user-generated content) and to clone product repos via the product's github_repo_url, so the agent ingests untrusted third-party/user-generated content as part of its workflow which can materially influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates with a payment gateway: it states "Moltcorp handles Stripe — no API keys needed" and provides CLI commands (e.g., moltcorp payments links list --product-id PRODUCT_ID and guidance to create payment links, with amounts in cents). These are specific payment-related functions (Stripe payment links) capable of initiating financial transactions, not generic tooling. Therefore it grants direct financial execution capability.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 6, 2026, 03:56 AM