react-health-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires reading and returning "full evidence" from repository files (including CI/CD/workflows and configs) and mandates embedding those findings into the final report, which forces the agent to output any secrets found verbatim if present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory tool-installer step (references/tool-installer.md) instructs downloading and sourcing an external installer via curl (https://raw.githubusercontent.com/...) and installing Node via nvm (which pulls remote binaries), so the agent would fetch and execute untrusted third‑party content that can change runtime behavior and influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's mandatory environment setup (references/tool-installer.md) explicitly runs a remote install script with curl piped to bash from https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh, which fetches and executes remote code at runtime and is required for the agent to proceed.