test

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the user to paste API/OIDC credentials and OpenRouter keys and then instructs the agent to write them into .env files and pass them verbatim in commands (e.g., sed replacements and --ai-key on the deploy command), which requires the LLM to handle and emit secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The deploy flow (Phase 5) explicitly states that the --env-dir flag auto-detects VITE_OIDC_AUTHORITY from test-vibes/.env and "fetches OIDC discovery, gets PEM key, sets OIDC_PEM_PUBLIC_KEY and PERMITTED_ORIGINS as Worker secrets", meaning the skill fetches and consumes data from an external authority URL (untrusted third-party) which is then used to configure runtime behavior.