doppler-secret-validation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill contains examples and workflow steps that embed secret/token values directly into CLI commands and short test scripts (e.g., doppler secrets set SECRET_NAME="value", python3 -c "token = 'TOKEN_VALUE'..."), which encourages the agent to accept and emit secrets verbatim in output, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's required workflow (Step 4 in SKILL.md) runs scripts/test_api_auth.py which performs HTTP requests to a user-supplied API URL using urllib.request.urlopen and interprets the response/status to decide authentication success, meaning it fetches and acts on untrusted third‑party API content (arbitrary URLs) that can materially influence decisions.