endor-sast

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires the agent to read and display vulnerable code snippets from source files (including hardcoded credentials category), which would force the LLM to reproduce any secret values found verbatim in its output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's CLI fallback instructs running "npx -y endorctl" which fetches and executes the endorctl package from the npm registry at runtime, so this external package (fetched via npx from the npm registry) is a required runtime dependency that executes remote code.