skill-support

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit CLI examples that embed tokens directly (e.g., skill keys add FRONT_API_TOKEN=<token> and similar patterns), which would require the agent to place secret values verbatim into generated commands—creating an exfiltration risk—even though many flows use safer env/device flows elsewhere.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a direct raw .sh script hosted on GitHub (raw.githubusercontent.com) and is intended to be piped to bash — while GitHub is a reputable host, executing an unreviewed remote shell script is high risk because it can run arbitrary code, so audit the script or use a vetted installer instead.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start instructs users to run curl -fsSL https://raw.githubusercontent.com/skillrecordings/support/main/packages/cli/install.sh | bash, which fetches and directly executes remote code during installation (a required step to get the CLI), so it is a runtime external dependency that can execute arbitrary code.