ai-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks the user to "paste your key here" and shows the agent validating and inserting the OpenRouter API key into config files and example curl headers, which requires the LLM to receive and output the secret value verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly configures and uses third-party model endpoints (OpenRouter via https://openrouter.ai as shown in "Step 1.2: OpenRouter Setup" and adds an "openrouter" provider to ~/.pi/agent/models.json) and instructs downloading remote models via Ollama ("ollama pull ..."), meaning the agent will fetch and consume untrusted external model outputs as part of its runtime workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to use remote model providers at OpenRouter (https://openrouter.ai/api/v1 and https://openrouter.ai/keys) and to fetch/run models via Ollama (https://ollama.ai/download and local Ollama at http://localhost:11434/v1 / via ollama pull), which are runtime external dependencies that execute remote model code and directly control the agent's prompts/responses.