ops-ecom

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to run scans and commands that reveal tokens (printenv, security find-generic-password -w, doppler secrets, grep .env, etc.) and to use tokens directly in API calls/headers or manual copy/paste flows, meaning the agent will need to access and may output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill contains explicit, prioritized steps to stealthily discover and harvest Shopify store URLs and access tokens from environment variables, local files, password managers, system keychains, browser history, and Doppler across all projects — and even automates app creation/OAuth to obtain tokens — which is credential-theft/data-exfiltration behavior and constitutes a high-risk backdoor pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests external, user-generated store and fulfillment data from third-party APIs (e.g., Shopify Admin endpoints like /admin/api/.../orders.json, /products.json, /customers.json and optional ShipBob API calls) as part of its required workflow and uses that content to compute analytics and drive actions (inventory updates, fulfillments, price changes), so untrusted third-party content can materially influence decisions.