spectacles-cloud

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the lens to store the Project URL and API key as constants and embeds the API key verbatim in headers and WebSocket URLs (and shows sample code doing so), which would require an LLM to output credential values directly and thus creates an exfiltration risk—even if the anon key is described as "not secret".

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the lens directly fetching and subscribing to a Supabase project (e.g., REST GET to ${PROJECT_URL}/rest/v1/messages and a WebSocket to wss://${PROJECT_REF}.supabase.co/realtime/v1/websocket) and then parsing/using rows (e.g., displayInScene(newRow)), which clearly ingests untrusted, user-provided third‑party content that can affect runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Edge Function example imports and thus would fetch and execute remote code at runtime from the URL "https://esm.sh/@supabase/supabase-js", which is a required dependency for that example function and therefore poses a runtime code-execution risk.