carto-develop-app

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run the CARTO CLI to create credentials and then "write .env", which requires capturing and embedding token/secret values verbatim in generated output (the .env), creating a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-published CARTO Builder maps via fetchMap (references/fetchmap.md) and accepts arbitrary custom basemap/style URLs, so untrusted/user-generated map config, layers, tooltips and style specs are read and used to construct app layers and behavior — i.e., external content directly influences tool use and next actions.