aeo

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to ask users for missing API keys and then write them into .env using echo commands (embedding the provided secrets verbatim), which requires the LLM to output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run npx goose-aeo commands that scrape public website pages (npx goose-aeo audit --json) and query third-party AI search engines (Perplexity, Gemini, Grok, Claude, DeepSeek) including auto-discovery via Perplexity, so the agent ingests untrusted public web/AI-search content and uses it to drive analyses and recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes "npx goose-aeo@latest" at runtime, which fetches and executes remote code from the npm registry and is a required dependency that controls the skill's behavior and outputs.