vastai-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill contains CLI examples that place secrets directly in command arguments (e.g., creating env-vars with "secret_value_here" and adding SSH key strings), which encourages the agent to emit secret values verbatim in generated commands or snippets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill documents and exposes Vast.ai API endpoints that retrieve user-generated marketplace data and runtime outputs—e.g., "vastai search offers" (marketplace offers) and "vastai show logs" / "show instance" (container logs and instance/template data) from the public Vast.ai platform—so the agent can fetch and must read untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit billing/credit operations in the API/CLI, including commands and endpoints to view invoices/earnings/deposits and to transfer credits (example: "vastai transfer credit recipient@email.com 25.00" and documented "transfer credits" endpoints). Those are programmatic send-money/credit actions (i.e., transaction execution), not merely generic browsing or generic API calls. Because it directly supports transferring platform credits via API/CLI, it grants direct financial execution capability.