dodun-help

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill lists a required "session token" for post-join commands and mandates "copy-pastable commands" and token-scoped command handling, which implies the agent will ask for and embed tokens verbatim in generated commands—creating an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill defaults to using the external control endpoint https://dodun.online at runtime to obtain session tokens, routing/assignment decisions and execution prompts that are delivered to runners, so that URL can directly control agent prompts and execution flow.