pubnub-live-sport-updates

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires including PubNub publish and subscribe keys in SDK initialization and shows key placeholders, which would lead an agent to request, accept, or embed real secret keys verbatim in generated code/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill subscribes to and fetches messages from public/wildcard PubNub channels (e.g., sports..games.*, sports.fan.polls., sports.fan.reactions.) and processes user-generated fan events and provider-sourced game events, so it clearly ingests untrusted third-party content as part of its runtime workflow.