workos-migrate-firebase

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs copying Firebase Client Secrets and project signer keys and embedding base64 secret values verbatim into PHC strings and API payloads (e.g., password_hash and provider secrets), which would require the LLM to handle/output secrets directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires a runtime WebFetch of and directs the agent to follow the external guide at https://workos.com/docs/migrate/firebase as the "source of truth", so the fetched content directly controls instructions and is a required dependency.