deepspace

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and recommends a non-interactive login that embeds passwords on the command line (npx deepspace login --email --password ) and references session/JWT files, which encourages including secret values verbatim in commands/scripts and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to call and consume external, public third‑party APIs (e.g., integration.post('/') and image/LLM endpoints in references/integrations.md, the streamed chat in references/ai-chat.md, and image-generation in references/landing-design.md), expects the agent to read and act on those responses (e.g., handling requiresOAuth/authUrl, using upstream LLM/tool outputs), and those responses are untrusted/user-generated content that can materially change subsequent actions.