agent-reach

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs supplying cookies and proxy credentials directly in CLI commands (e.g., twitter-cookies "auth_token=xxx; ct0=yyy" and proxy URLs with user:pass), which would require the agent to collect and embed secret values verbatim in generated commands.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These links include a direct pip install from an unknown GitHub repository (main.zip — a direct executable/package source), a high‑privilege Chrome extension link (cookie access), and a credentialized proxy URL (user:pass@ip:port); together these are common malware/misuse vectors and should be treated as suspicious unless the GitHub author and extension are verified trusted sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider free text can be ingested when the required runtime workflow uses agent-reach read <url> or any search-* command to fetch and extract public web/social content (e.g., articles, tweets, Reddit posts) and then passes that readable text into the agent’s LLM context.