cio

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to accept a pasted token and run a command that embeds that token verbatim (echo "$TOKEN" | cio auth login --with-token), which requires the LLM to handle and output secrets directly and therefore poses an exfiltration risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs runtime fetches of raw README files (e.g., curl -fsSL https://raw.githubusercontent.com/customerio/cli/main/README.md and the SDK READMEs like https://raw.githubusercontent.com/customerio/cdp-analytics-js/main/packages/browser/README.md) which the agent/user is told to retrieve and follow to install/execute code, so external content would directly control instructions and installation behavior.