sell

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs embedding credentials directly into CLI flags and examples (e.g., --ai-key "sk-...") and asks the agent to accept/paste IDs for inclusion in commands, which requires the LLM to handle/output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime/template and required workflow explicitly fetch and act on public registry endpoints (e.g., /registry.json, /check/{subdomain}, /resolve/{subdomain}) — SKILL.md Step 5.4 even instructs running curl against https://{domain}/registry.json — so untrusted, user-controlled JSON from the web is read and used to decide routing/claims/permissions and gating behavior.