sydney-commute
Fail
Audited by Snyk on May 5, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to "share" their TfNSW API key and shows a shell heredoc that embeds the key into a credentials file (replacing ""), which requires the LLM to accept and place the secret verbatim into generated commands/code.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). scripts/commute.py calls and parses live JSON from public third-party services (TfNSW API endpoints /stop_finder, /trip, /departure_mon at https://api.transport.nsw.gov.au, Nominatim at https://nominatim.openstreetmap.org, and ip-api.com). Those responses are used to resolve stop IDs, choose journeys/departures, and drive subsequent logic, so untrusted external content can materially influence tool behavior.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata