security-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs scanning sensitive files and embedding "Código" snippets and line-extracted contexts in reports (including ~/.aws, ~/.ssh, tokens, api_key, password), which could cause the LLM to output secret values verbatim without masking.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Both links point to an untrusted/suspicious domain (evil.com) and include a direct shell script (.sh) and an ambiguous payload, which match high-risk indicators for remote code execution and malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill reads and interprets arbitrary installed skill files (e.g., SKILL.md and .skill in /mnt/skills/public, /mnt/skills/examples, and especially /mnt/skills/user), ingesting untrusted user/third-party content (including HTML comments and example code) as part of its scanning workflow, which could carry indirect prompt-injection instructions.