ai-coding-agents

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill contains examples that embed API keys/tokens in command-line arguments and HTTP headers (e.g., --env API_KEY=xxx, -H "Auth: Bearer x", echo secret | codex login), which instructs or encourages inclusion of secrets verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly supports fetching and ingesting untrusted public content — e.g., Fix GitHub issue #$ARGUMENTS (steps: "Fetch issue details from GitHub"), web search flags like codex --search, MCP HTTP/SSE servers (codex mcp add --url https://..., claude mcp add -t http <url>), and plugin/marketplace manifests (claude plugin marketplace add https://.../manifest.json), all of which cause the agent to read arbitrary third-party/user-generated content.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly documents and encourages unsafe modes and permission bypasses (e.g., --yolo, --dangerously-skip-permissions, --permission-mode bypassPermissions / danger-full-access) and includes commands that can apply diffs, install globally, and write to shell/config files, which push an agent to bypass safeguards and modify the machine state.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:47 PM