opencontext

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows placing an API key verbatim into a CLI command (oc config set EMBEDDING_API_KEY "<<your_key>>"), which would require an agent to accept and emit the secret string directly — a high-risk exfiltration pattern.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These include GitHub Pages and a GitHub "Releases" page hosted by a single/unknown user (0xranx) which can distribute executable assets from a low‑reputation source — potentially risky — while the other links (supercent-io template, api.openai.com, and localhost:4321) are benign references; treat any release/download assets from the 0xranx repo as suspicious until verified.

Issues (2)

W007 (HIGH): Insecure credential handling detected in skill instructions.

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Jun 16, 2026, 07:24 AM
Issues: 2