audiocodes-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains multiple examples that pass plaintext passwords as --password arguments (including hardcoded "Admin") and CLI examples that instruct copying credentials into commands, which would require the LLM to emit secret values verbatim and is therefore high risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs users to run "npx audiocodes-cli", which at runtime fetches and executes the package from the npm registry (https://registry.npmjs.org/) — a remote code fetch-and-execute dependency.