pty-bridge

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows and recommends piping plaintext passwords into pty-bridge (e.g., echo -n "password" | pty-bridge write --stdin), which requires the agent to include secret values verbatim in generated commands, creating high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly starts arbitrary interactive commands including SSH sessions (see SKILL.md "SSH Session" and "Wait for Service Startup") and the daemon/session code (src/daemon.ts, src/session.ts) reads and interprets terminal output via read/exec/wait-for, meaning untrusted remote/user-generated output can be ingested and used to drive subsequent actions.