cmux

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt documents CLI flags that accept secrets (e.g., --password) and provides commands to read/send arbitrary terminal text and browser cookies/storage, which means an agent using this skill may need to include secret values verbatim in constructed commands or outputs (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md includes browser commands that open arbitrary URLs and read page content (e.g., "cmux browser open/goto ", "cmux browser snapshot" and "cmux browser get <url|text|html>"), which clearly fetch untrusted third‑party web content that the agent is expected to read and can influence subsequent actions.