auth0-ionic-angular
Fail
Audited by Snyk on May 20, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The skill explicitly instructs the agent to read Auth0 credentials (domain, client ID) from the CLI or a .env file and write them directly into the project config file, which requires embedding secret values verbatim (even though it warns not to print them), so the LLM would need to handle secrets directly and risks exfiltration if not strictly enforced by the execution environment.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to run live commands that fetch public data—e.g., "gh api repos/auth0/auth0-angular/releases/latest --jq '.tag_name'" and various Auth0 CLI commands in the Setup Guide—to read release tags and tenant/app JSON from third-party (GitHub/Auth0) endpoints and use those values to drive dependency lines and setup actions, which exposes the agent to untrusted external content that can materially influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs the agent to run a runtime fetch—gh api repos/auth0/auth0-angular/releases/latest—to obtain the SDK version that will control dependency lines, and also includes a runtime install command that downloads and executes remote code (curl -sSfL https://raw.githubusercontent.com/auth0/auth0-cli/main/install.sh | sh), so these external endpoints are used at runtime and directly control instructions/execute code.
Issues (3)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).