plugin-creator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt asks the user to supply environment variables (KEY=VALUE) and free-text command/URL/prompt bodies for MCP servers and hooks, and it writes those values into generated config/scripts, which requires the LLM to include secret values verbatim in files/outputs (exfiltration risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly supports fetching plugins from external git/URL sources (e.g., "https://gitlab.com/team/plugin.git" shown in references/marketplace-manifest.md), which are retrieved at install/runtime and can contain SKILL.md, agent files, hooks, or install scripts (npm installs, MCP server commands) that directly control model prompts or execute code, so this is a runtime external dependency that can control instructions or run code.