runpodctl

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes example commands that embed secrets directly on the command line (e.g., --password "p") and references API key setup, which would require the agent to place secret values verbatim into generated commands — an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's template commands (e.g., "runpodctl template list --type community" and "runpodctl template get " which "includes README, env, ports") pull community/user templates and READMEs from Runpod's public registry, untrusted user-generated content the agent would read and that could materially influence pod creation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The install steps fetch and install executable binaries from GitHub (e.g. https://github.com/runpod/runpodctl/releases/latest/download/runpodctl-linux-amd64.tar.gz and the corresponding darwin/windows release URLs), which are remote executables the skill requires and will run locally, so they constitute external code fetched and executed.