sigcli-auth-proxy

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill explicitly harvests browser cookies, localStorage and OAuth tokens, provides a MITM proxy and a command-runner that injects those credentials into arbitrary requests/commands — features that directly enable credential theft, silent token reuse and easy programmatic exfiltration, making it high-risk even if presented as a convenience tool.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs agents to use sig request and sig proxy to fetch and parse JSON from arbitrary public sites (e.g., validateUrl examples like reddit.com and x.com) so the agent will ingest untrusted third-party web content that can directly influence subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs running a MITM proxy that injects credentials and explicitly advises either trusting the proxy CA (which may require installing system trust anchors) or disabling SSL verification—actions that bypass or weaken system security—so it poses a meaningful risk even though it doesn't ask for sudo or create users.