agent-reach

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples that pass API keys, cookies, and proxy credentials as command-line/configure arguments (e.g., twitter-cookies, groq-key, proxy user:pass), which encourages the agent to accept and embed secret values verbatim in generated commands — creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and reads untrusted, user-generated public content as part of its workflow (see SKILL.md commands like "Web — Any URL" using curl https://r.jina.ai/URL, Reddit curl examples, Twitter/X xreach commands, YouTube yt-dlp, and WeChat Articles via Camoufox), so third-party pages and social media can influence the agent's actions and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The preflight step runs pipx to install and run code from https://github.com/Panniantong/agent-reach/archive/main.zip at runtime (pipx install ...), which fetches and executes remote code and is required for the skill to run.