pubnub-multiplayer-gaming

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt shows hard-coded publish/subscribe keys in the SDK initialization and requires including PubNub SDK initialization in outputs, which encourages embedding API keys directly (verbatim) into generated code or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly subscribes to and processes user-generated messages from public PubNub channels (e.g., pubnub.subscribe + pubnub.addListener on 'game-lobby', 'game.{roomId}.chat', 'leaderboard.{gameType}', and uses fetchMessages / public REST endpoints), so untrusted third‑party content is ingested and interpreted as part of the workflow.