skill-comparator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly directs the agent to fetch SKILL.md content and "Quote specific lines as evidence" (and to ask users to paste files), which will cause the LLM to reproduce any hardcoded API keys, tokens, or passwords found verbatim — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Fetch the page with web_fetch" for skills.sh and to convert/fetch raw GitHub URLs (PHASE 1 Fetch Strategy) and then "read the entire skill carefully" and base scoring/decisions on that content (PHASE 2), meaning it ingests untrusted public web content (skills.sh/GitHub) that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches SKILL.md at runtime from external URLs (e.g., https://raw.githubusercontent.com/... and https://skills.sh/author/skills/skillname) and injects that fetched content into the agent for evaluation, so remote content can directly control prompts (prompt‑injection risk).