tauri-pilot

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes and encourages patterns that embed secrets verbatim (e.g., fill commands with plaintext passwords, examples like "password123", storage list/get, network dumps, and exportable replay scripts), so an LLM playing this skill would likely output or relay secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly instructs agents to browse and ingest WebView content (e.g., navigate , snapshot/html/text/value, network logs, eval) and the README/SKILL.md AI-agent guides require taking snapshots and acting on the page DOM, so arbitrary/untrusted public webpages or user-generated content loaded into the app can be read and directly influence subsequent tool use and actions.