electrobun-distribution

Fail

Audited by Snyk on Feb 22, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt contains multiple examples that embed passwords/keys directly on the command line (e.g., xcrun notarytool --password "app-specific-password", certutil/signtool with -p or /p PASSWORD), which instructs or encourages including secret values verbatim in commands and is therefore an insecure pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's client code (src/bun/main.ts) configures an Updater to fetch and parse an external updates feed (https://updates.myapp.com/updates.json) and then download and install packages based on fields like version, releaseNotes and urls, so remote/untrusted update content can directly influence runtime decisions and trigger installer actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill's updater is configured to fetch https://updates.myapp.com/updates.json (and the linked update artifacts like MyApp-1.0.1-*.zip/.exe/.AppImage) at runtime to drive update prompts and to download/install remote binaries, so this external URL directly controls behavior and delivers executable code required for updates.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 22, 2026, 07:51 AM