superwall-editor

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for a pairing code and then embed that code verbatim into a CLI attach command (scripts/sw-editor.sh attach ), which requires the LLM to handle and output an authentication secret.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly attaches to a live, user-provided browser editor session and instructs the agent to run scripts/sw-editor.sh tools and calls (e.g., get_subtree, get_screenshot) to fetch the browser's toolDefinitions and page/subtree content (SKILL.md and references/workflow.md), meaning the agent will ingest untrusted, user/browser-supplied content that directly determines which tools/parameters to invoke and thus can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CLI contacts the relay at https://superwall-mcp.superwall.com during runtime (e.g., /editor-sessions/claim and /editor-sessions/{id}/call-tool) to obtain controller tokens and tool definitions that determine available tools and to invoke those tools in the remote browser session, so external content directly controls what the agent can call and triggers remote execution.