infer-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The wizard explicitly tells the agent to extract writeKey/readKey/session/endpoint from pasted setup text and to save or insert them into config files and API requests (e.g., GET /v1/auth/me?session=SESSION and filling analytics.ts placeholders), which requires the LLM to handle and may cause it to emit secrets verbatim.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill writes a .mcp.json entry that runs npx --yes @inferevents/mcp@latest at runtime, which fetches and executes remote package code (via npx @inferevents/mcp@latest) that the setup relies on to operate, so this is a runtime external dependency that executes remote code.