sops-setup
Fail
Audited by Snyk on Apr 26, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to display the full age-keygen output — including the private AGE-SECRET-KEY — and tell the user to copy it, which requires the LLM to output secret private keys verbatim.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime install commands that fetch and execute remote code (e.g., curl | bash to run Homebrew's installer at https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh and curl downloads of release binaries from GitHub like https://github.com/FiloSottile/age/releases/download/... and https://github.com/getsops/sops/releases/download/...), which are required for the skill's "Install tools" step and thus present a high-confidence execution risk.
Issues (2)
W007
HIGH: Insecure credential handling detected in skill instructions.
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).