brewpage-publish

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks for or generates a page password and requires inserting that password verbatim into the curl X-Password header (and into the executed bash payload), so the agent must handle and embed a secret value directly into commands/requests.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to a small, no‑signup file/HTML hosting API (brewpage.app) plus an individual GitHub repo — the service allows anonymous uploads of arbitrary files (including executables) and can be used to distribute malware even if the site itself is not obviously malicious.