collavre

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The setup example instructs passing an OAuth token as a command-line argument (collavre auth --token <oauth_token>), which is an insecure pattern that requires the agent to accept and potentially embed secret values verbatim in generated commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The CLI explicitly connects to a user-configured remote MCP server and ingests Server-Sent Events in scripts/collavre (connect()), using the first SSE "data:" message to set the session URL and processing subsequent JSON/markdown including descriptions and recent_comments returned by creative_retrieval_service (references/tool-reference.md and printResult), so untrusted, user-generated third-party content can directly influence the client's network targets and parsed outputs.