superagent-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and command forms that place passwords/cookie values directly into CLI flags (e.g., superagent fill --value "s3cret", superagent cookie set --value ), which requires the agent to output secret values verbatim and thus poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's browser automation explicitly navigates to arbitrary URLs (e.g., "superagent goto --url ") and then snapshots/reads/extracts page content (e.g., "superagent snapshot", "superagent exec --command 'get html @e1'"/"get text @e1", "eval --expression ") which the agent is instructed to interpret and use to drive follow-up interactions, so untrusted web pages could inject instructions that change behavior.