expo-horizon

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to prompt the user for config values (notably the horizonAppId) and then write those exact values into app.json, which requires the LLM to accept and emit user-provided secret/config values verbatim (exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the agent to "webfetch" official READMEs and Meta documentation (e.g., GitHub raw.githubusercontent.com README links and developers.meta.com pages) so the agent will fetch and interpret public, untrusted third‑party content that directly influences install/configuration and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires webfetching the expo-horizon READMEs at runtime (for example https://github.com/software-mansion-labs/expo-horizon/blob/main/expo-horizon-core/README.md), which the agent uses to determine installation/configuration instructions, so external content directly controls prompts and is a required runtime dependency.