marketplace-dev

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to mine local Claude session transcripts and extract "final working command/config" and observed commands, which can contain API keys, bearer tokens, or plaintext secrets and thus forces the model to read and potentially output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and validation steps explicitly include fetching and installing marketplaces/plugins from public GitHub (e.g., "claude plugin marketplace add /" and "claude plugin install …") and the schema/docs allow GitHub/git URL sources and auto-activated plugin hooks, so it will ingest and act on untrusted, user-generated third-party repo content that can influence tool behavior.