cli

Fail

Audited by Snyk on Mar 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt explicitly shows and recommends passing an API key as a command-line flag (e.g., headlessx login --api-key your_headlessx_api_key). This encourages embedding secrets verbatim in generated commands/outputs and could lead the agent to ask for and output user secrets, although interactive login and env-var alternatives are mentioned.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's CLI explicitly provides commands to scrape, map, and crawl arbitrary public websites and to run Google/YouTube searches (see references/command-matrix.md, references/auth-and-output.md, and SKILL.md examples such as headlessx scrape https://example.com, headlessx crawl https://example.com, and headlessx google "latest ai news"). Those outputs are intended for LLM-facing workflows, so untrusted third-party content would be fetched and read by the agent and could influence subsequent actions.

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 30, 2026, 08:17 PM
Issues: 2