development

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read an "authToken" from .claude-plugin/project-config.json and include it in a curl header (x-auth-token: ${AUTH_TOKEN}), which requires embedding a secret into a generated command/request and thus exposes sensitive values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches site and per-site configuration from the public Config Service API (https://admin.hlx.page/config/${ORG}/sites.json and https://admin.hlx.page/config/${ORG}/sites/{site-name}.json) as required runtime inputs and then parses those JSON responses to decide repository URLs, repoless vs. standard setup, and local server flags, so untrusted third‑party data can materially influence the agent's decisions and actions.