cpa-codex-manager-openai-pool

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes code that prints or copies sensitive fields (e.g., refresh_token, password, admin_token) verbatim (e.g., printing tokens, selecting and re-inserting passwords), which encourages exposing secrets in output or logs even though placeholders are used elsewhere.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content describes a tool whose primary purpose is automated, large-scale creation and management of OpenAI accounts (including use of disposable email services), automated export/upload of account credentials to remote CPA endpoints, and auto-replenishment to evade quota limits—behavior that strongly indicates intentional facilitation of credential collection and large-scale abuse/exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to arbitrary CPA endpoints via CPAServiceManager.add_service (base_url) and ingests external email providers (e.g., tempmail/outlook) as shown in the registration and InspectionService.inspect_cpa_accounts workflows, using their responses to auto-remove accounts and trigger replenishment—i.e., untrusted third-party content is read and directly drives actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Docker Installation step fetches and then runs a remote docker-compose file (https://raw.githubusercontent.com/Maoleio/CPA-Codex-Manager/main/docker-compose.yml) — this downloads external configuration that docker-compose will execute, so it constitutes executing remote code at runtime.