agent-import
Fail
Audited by Snyk on Apr 24, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill requires the user to supply a CODE and a DOWNLOAD_TOKEN and explicitly shows running a shell command with those values as command-line arguments (python3 ... <DOWNLOAD_TOKEN>), which forces the agent to include secret tokens verbatim in generated commands/outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads a migration bundle from the public relay (https://sc-agent-migration.fly.dev) via scripts/download.py (SKILL.md Step 1), then reads and applies untrusted bundle files (manifest.json, identity/soul.md, memory/*.json, tasks/*.json, files/, etc.), including generating and running task scripts and adding memories, which can materially change agent behavior and thus enables indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill downloads a migration bundle at runtime from https://sc-agent-migration.fly.dev/paste/{code}, and the extracted bundle can include migration/identity/soul.md (which is written into prompt/SOUL.md) and files/tasks that may be copied and run, so remote content can directly control agent prompts and result in code execution.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata