opencli-universal-cli-hub

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains examples that embed passwords/credentials directly into commands and adapter calls (e.g., filling "input[name='password']" with "mypass" or args.password), which would require the LLM to handle and emit secret values verbatim, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to open and interact with arbitrary public webpages (e.g., "opencli browser mysession open https://github.com/trending") and includes built-in adapters for social sites like Reddit and Twitter plus extract/wait/network commands that ingest and act on user-generated third‑party content, so untrusted web content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime browsing of arbitrary external pages (e.g., opencli browser mysession open https://github.com/trending) and extracts/uses page content in adapter logic, which means remote page content fetched at runtime can be injected into or directly control agent prompts and behavior.