dokploy-deploy
Fail
Audited by Snyk on Feb 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs soliciting an API key and shows patterns that embed it verbatim (CLI --key, JSON config with DOKPLOY_API_KEY, header examples), which requires the LLM or user-facing commands/configs to contain the secret in cleartext.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow and setup explicitly fetch and ingest data from user-supplied Dokploy endpoints (e.g., scripts/setup.py calls /api/settings.health and /api/trpc/project.all, SKILL.md and references instruct polling /api/trpc/deployment.all, fetching the OpenAPI spec, and curling app health domains), so the agent will read and act on arbitrary/untrusted third-party API and web responses which can materially change tool use and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's mcp.json setup instructs the host to run "npx -y @ahdev/dokploy-mcp" (the MCP server, repo: https://github.com/Dokploy/mcp), which will fetch and execute remote code at runtime to provide the MCP tools the agent uses — a remote package execution dependency controlling agent tooling.