minion-fetch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This skill's examples show passing header values directly on the command line (e.g., --headers "Header-Name: Header-Value"), which would require the LLM to embed secret tokens (Authorization, API keys, cookies, passwords) verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the skill to fetch and process content from arbitrary URLs (e.g., "npx minion-fetch " and the --md/--jq/--json-schema examples), so the agent will read and interpret untrusted public web content that can influence subsequent processing.