aeo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt tells the agent to ask users for API keys and then write them into .env using echo (e.g., echo 'GOOSE_AEO_PERPLEXITY_API_KEY=pplx-...' >> .env), which requires the LLM to include secret values verbatim in generated commands/outputs, creating a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run npx goose-aeo commands that scrape public website pages (npx goose-aeo audit --json) and query third-party AI search engines (Perplexity, Gemini, Grok, Claude, DeepSeek) including auto-discovery via Perplexity, so the agent ingests untrusted public web/AI-search content and uses it to drive analyses and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes "npx goose-aeo@latest" at runtime, which fetches and executes remote code from the npm registry and is a required dependency that controls the skill's behavior and outputs.