code-debug-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill requires the AI to start the debug server and "use the JSON output to copy the snippet and endpoint" and to embed auto-generated session/run IDs and that snippet directly into instrumentation code, which forces the model to read and include potentially secret ingestion tokens or endpoints verbatim in its output.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill prescribes auto-running an external npm package (npx debugsk), starting an HTTP ingest server (CORS-enabled), auto-embedding session/run IDs into instrumentation, and having the AI start servers, read local logs, and send collected events without environment guards—this combination creates high-risk paths for data exfiltration, supply-chain compromise (malicious npm package/postinstall), covert remote access or backdoor-like servers, and unintended leakage of credentials or PII.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates running "npx debugsk@latest server start --json" at runtime, which fetches and executes a remote npm package (debugsk from the npm registry), so it is a required runtime dependency that executes remote code.