aig-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly requires the user to provide model tokens/API keys (e.g., "token", "target-token") and its command examples use token flags (--token, --target-token) so the agent will need to include those secret values verbatim in generated exec/command calls or request payloads.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill sends arbitrary public URLs/GitHub repos to the A.I.G backend and then directly surfaces backend-provided, user-originated fields such as "readme", "results"/findings, "screenshots", and "attachment" (see scripts/aig_client.py _format_result which prints readme/findings/screenshots, and SKILL.md which instructs "The script's stdout is the final user-facing output"), so untrusted third‑party content is ingested and presented in the agent workflow and could influence subsequent decisions.