llm-as-computer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs reading GH_TOKEN from a file and inserting it directly into curl Authorization headers (command-line arguments), which requires embedding the secret verbatim into commands/requests and risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Updating from Repo" section includes an explicit curl-based workflow that fetches raw files from the public GitHub API (https://api.github.com/repos/oaustegard/llm-as-computer/contents/...) and overwrites/updates local skill source files which are then compiled/executed, meaning untrusted, user-generated repository content is ingested and can directly change runtime behavior.