audit-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The report format requires including "exact line(s) that triggered the finding" from SKILL.md or scripts, which would force the agent to echo raw file lines (potentially containing API keys, tokens, or passwords) verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to clone a public GitHub repo (git clone https://github.com//) and "Audit the files under $TMPDIR/repo/skills//", meaning the agent will read and analyze untrusted, third‑party SKILL.md and scripts from public repositories which could contain indirect prompt-injection content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs running "npx cyber-skills@ audit validate" and related "npx cyber-skills@ governance show ..." at runtime, which fetches and executes remote package code (from the npm registry) whose output is treated as authoritative governance/instructions for the audit, so this is a required runtime dependency that executes remote code and can directly control agent behavior.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)