divination-setup

Fail

Audited by Snyk on Mar 26, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs asking the user for API keys and includes an explicit example passing an API key as a command-line argument (--api-key YOUR_KEY), which requires the LLM to accept and embed secret values verbatim in generated commands/configs.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URL points to a GitHub repository (amenti-labs/opendivination) which is hosted on a legitimate platform but appears to be an untrusted/unknown project; installing directly from a git URL (pipx install git+...) will execute install scripts from that repository, so it carries moderate risk of running malicious code if the repo or author is not verified.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 26, 2026, 04:14 AM
Issues: 2