ileap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes command examples and workflows that embed credentials verbatim (curl -u ":", -H "Authorization: Bearer {token}", CLI flags -u/-p), which would require an agent to insert or echo secret values directly into generated commands/outputs if those placeholders are filled—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and ingesting public third-party content (e.g., curl calls to https://api.ileap.sine.dev in "Step-by-step verification" and downloading/running the ACT script from https://raw.githubusercontent.com and using https://act.sine.dev), so the agent would read/interpret untrusted external responses that can materially influence testing/tooling decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit runtime commands that fetch and execute a remote script (curl -sSf https://raw.githubusercontent.com/sine-fdn/act/main/act.sh | bash -s -- ...), which will execute remote code during CI/local runs to run ACT tests — a required runtime dependency for the conformance workflow.