claude-code-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to collect environment variables / sensitive KEY=value pairs (step 9.4) and to generate/write settings.local.json containing sensitive info, which requires the LLM to receive and embed secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a built-in "远程模板部署" workflow that clones arbitrary public GitHub/GitLab repositories via the --from URL (e.g., "/claude-code-setup --from https://github.com/user/claude-template-backend"), and those remote templates are incorporated into the generated project (including hooks, skills, and agents) that the agent reads and may execute, so untrusted third-party content can materially influence behavior.