runpod-deployment

Fail

Audited by Snyk on Mar 14, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's example code and HTTP headers embed API keys and bearer tokens directly (e.g., api_key="RUNPOD_API_KEY", Authorization: "Bearer RUNPOD_API_KEY", "YOUR_KEY"), which requires the agent to place secret values verbatim into generated code/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes a serverless handler example that fetches arbitrary public URLs and returns their response text (reference/serverless-workers.md: the async_handler/fetch_url example using aiohttp to fetch job_input["urls"]), so the agent would ingest and act on untrusted third‑party web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 14, 2026, 12:04 AM
Issues: 3