code-registry

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to use a user's API key via an X-API-Key header or pass api_key in tool arguments, which requires embedding secret values verbatim into requests/commands and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly polls and ingests results from the external Code Registry MCP endpoints (e.g., get-code-vault-summary and get-code-vault-reports in scripts/poll_vault_status.py and the SKILL.md workflow) and even instructs operators to "run one command from next_steps.commands" returned by create-code-vault for LOCAL_AGENT, meaning untrusted, third-party report content can be read and used to decide/execute further actions.
Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 10:29 AM