npm-git-install

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly shows embedding Personal Access Tokens in commands/URLs (e.g., npm install git+https://@github.com... and export GITHUB_TOKEN=ghp_xxxxxxxxxxxx), which instructs including secrets verbatim in outputs/commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs installing packages from arbitrary public GitHub repositories (e.g., commands like "npm install git+https://github.com/owner/repo.git" and the described git clone → npm install → npm run prepare flow), which causes the agent/environment to fetch and execute untrusted, user-generated code from the open web (GitHub).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill contains explicit privileged operations (e.g., "sudo apt-get install git", "sudo chown -R $(whoami) /usr/local/lib/node_modules") and instructions for global installs that modify /usr/local and create system-wide symlinks, which push the agent to change the machine's system state and require elevated privileges.