ssh-tool

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that passes a password as a command-line argument (--password "secret"), which requires the agent to embed secret values verbatim in generated commands and therefore is insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill connects to arbitrary user-specified SSH hosts (--host) and executes commands, then prints and returns remote stdout/stderr in JSON (see ssh-tool.js where it logs result.stdout/result.stderr), so it clearly ingests untrusted third-party content from remote systems that could influence agent decisions.