skillmarketplace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs retrieving an OIDC token and then embedding it in a curl Authorization header (curl -H "Authorization: Bearer $TOKEN"), which requires the agent to handle and insert a secret into generated commands/requests.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs are high-risk: they point to a third‑party Fly.io gateway and ambiguous GitHub release/bundle links (which can host arbitrary executables or archives) and include a localhost OIDC token endpoint call that can be abused to obtain credentials or leak secrets, so together they present a strong malware/exfiltration vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md's "Searching & Installing Skills" section requires using the search_skills tool which searches public community-skills indexes and the global skills.sh ecosystem and auto-installs third-party skills, meaning the agent will fetch and ingest untrusted, user-contributed skill content that can alter its behavior.