stream-android

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to collect API keys/tokens (from dashboard or user) and "use the resulting API key and token in every code snippet — never placeholder strings," which requires including secrets verbatim in outputs and thus poses a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required credentials flow (credentials.md) mandates running the external "stream" CLI and consuming its API outputs (fetching API keys, generating tokens, and seeding channels via Stream's public API), and RULES.md also directs querying public sources (Maven Central / GitHub/docs), so the agent ingests untrusted third‑party content (CLI/API responses and public docs) that directly drive tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's credentials flow explicitly instructs installing the stream CLI at runtime via /bin/bash -c "$(curl -fsSL https://getstream.io/cli/install.sh)", which fetches and executes remote code and is required for the CLI-based credential steps.