xparse-parse
Fail
Audited by Snyk on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim in commands (e.g., --password <PWD>) and refers to configuring paid API credentials, which could require the LLM to accept or emit secret values directly, creating an exfiltration risk.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). These are direct links to shell and PowerShell installer scripts hosted on a non-obvious third‑party download subdomain and the skill instructs piping them directly into a shell/iex — a high‑risk pattern for remote code execution and malware distribution unless the domain and package are explicitly verified.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's workflow (SKILL.md "Prefer this skill whenever the task starts from a local file or document URL" and the Default Path / Quick start steps: "Run xparse-cli parse <FILE>" then "Read the markdown result") requires ingesting and interpreting arbitrary user-provided or public document content (including document URLs), which could contain untrusted, instruction-like text that influences subsequent agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's setup includes commands that fetch and execute remote installer scripts (source <(curl -fsSL https://dllf.intsig.net/download/2026/Solution/xparse-cli/install.sh) and irm https://dllf.intsig.net/download/2026/Solution/xparse-cli/install.ps1 | iex), which run remote code and are presented as required to install/run the CLI.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata