npm-git-install

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows embedding Personal Access Tokens in commands/URLs (e.g., npm install git+https://@github.com... and export GITHUB_TOKEN=ghp_xxxxxxxxxxxx), which instructs including secrets verbatim in outputs/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs using git+https://github.com/... URLs and describes npm's runtime flow (git clone, checking out branches, and running package "prepare" scripts) which means the agent will fetch and execute untrusted, user-generated GitHub repository content that can change subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime install commands such as "npm install -g git+https://github.com/JEO-tech-ai/supercode.git#main" which will git-clone the remote repo and run package lifecycle scripts (e.g., npm run prepare), meaning fetched content is executed at runtime and thus poses a code-execution risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill contains explicit privileged operations (e.g., "sudo apt-get install git", "sudo chown -R $(whoami) /usr/local/lib/node_modules") and instructions for global installs that modify /usr/local and create system-wide symlinks, which push the agent to change the machine's system state and require elevated privileges.