agent-device

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples that place an auth token and lease IDs directly into curl Authorization headers and command arguments (e.g., -H "Authorization: Bearer "), which encourages embedding secret values verbatim in generated commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main workflow and command skeleton explicitly allow fetching and opening arbitrary URLs (see "agent-device install-from-source " and "agent-device open [app|url] [url]" in SKILL.md), and the documented snapshot/find/press flows show the agent will read and act on UI content derived from those pages, so untrusted third-party content could influence subsequent actions.