localhero

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly advises using npx @localheroai/cli login --api-key <key> (a direct CLI argument) which encourages embedding API keys verbatim in commands—an insecure pattern that can force the agent to handle or echo secrets.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads project glossary and style settings dynamically from the third‑party Localhero.ai service (see README.md: "Glossary terms and settings are loaded dynamically when the skill activates" and SKILL.md/cli-reference.md which instruct use of npx @localheroai/cli glossary and settings), and those user-managed/third‑party entries are read and used to influence phrasing and actions, so untrusted content could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly loads project glossary and settings dynamically from Localhero/its API (https://localhero.ai) via the Localhero CLI (npx @localheroai/cli — https://www.npmjs.com/package/@localheroai/cli), which the skill requires at runtime and which directly influence the agent's prompts/behavior and also involves executing remote CLI code, so this is a runtime external dependency that controls prompts and executes code.