pipes-new-indexer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill includes commands and instructions that require embedding ClickHouse passwords directly into CLI invocations, .env updates, and curl requests (e.g., --password, --user, sed replacement and explicit substitution of ), which would force an LLM to handle or output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's mandatory Step 0 instructs the agent to "Visit the protocol's documentation" and "Look at actual transactions on Etherscan" (public, user/third‑party content) and the ENVIRONMENT_SETUP includes curl calls to the Subsquid Portal API (https://v2.archive.subsquid.io), so the agent is expected to fetch and interpret untrusted third‑party webpages/APIs as part of its workflow which can materially affect indexing decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill mandates running the remote CLI via "npx @iankressin/pipes-cli@latest" (e.g., npx @iankressin/pipes-cli@latest init ...), which fetches and executes code at runtime and is required for the skill to operate.