setup-cms

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste API tokens/passwords and then instructs writing those values verbatim into .env.local (and using them in preflight commands), so the LLM would need to receive and embed secrets in its outputs/files, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states that once configured the agent's /seo-analysis "automatically pulls published content from the CMS" (e.g., WordPress/Strapi/Contentful/Ghost), meaning it fetches and interprets user-generated public CMS content which could contain untrusted instructions influencing analysis and follow-up actions.