seed-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and guidance that instruct the agent to accept/paste mnemonics or private keys and place them directly into CLI commands (e.g., seed-cli key import "mnemonic"), which requires handling and outputting secrets verbatim and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires running seed-cli search and then fetching full documents/comments (seed-cli document get / comment get) from remote servers (e.g., https://hyper.media or user-specified --server) and instructs the agent to read and incorporate those user-generated results as citations/inputs, so untrusted third-party content can directly influence tool decisions and generated output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running remote code at runtime via "npx -y @seed-hypermedia/cli@latest" (which fetches and executes the @seed-hypermedia/cli package from the npm registry, e.g. registry.npmjs.org), so it depends on externally fetched code that is executed and therefore poses a runtime code-execution risk.