cloud-agents
Fail
Audited by Snyk on Feb 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to ask the user for CURSOR_API_KEY and shows an example export CURSOR_API_KEY=<key>, which instructs embedding the secret into a command/interaction and therefore requires handling/outputting the secret verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill retrieves and displays untrusted, user-generated content from the external Cursor API and referenced GitHub PR/repo URLs (e.g., GET /agents/{id}/conversation in scripts/cloud-agent.sh and the SKILL.md workflows), which the assistant is explicitly instructed to read and use to decide actions like sending follow-ups or pulling/merging agent-created branches.
Audit Metadata