npmjs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs adding OTP/auth tokens (e.g., --otp=<code>) to npm publish commands and references using automation tokens, which requires embedding secret values verbatim into generated CLI commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly calls out fetching metadata and tarballs from the public npm registry (e.g., "npm view", "npm install" in the "Detecting Changed Packages" and "Post-publish Verification" sections), which are user-published/untrusted third-party contents that the agent reads and uses to decide publishing actions.