appstorereject-scan

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to read the API key (from env or config), store it in working memory, and substitute the actual key value verbatim into Authorization headers and curl commands, which requires the LLM to handle and emit secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches check definitions and community-maintained resolution guides from https://api.appstorereject.com (see SKILL.md steps 3, 5, 8 and the format-report/collect-slugs flow) and explicitly requires presenting resolutionSteps verbatim and executing checks based on the API-provided executionRule, so untrusted third-party content can directly influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches dynamic scan definitions and guides at runtime from https://api.appstorereject.com (notably https://api.appstorereject.com/api/scan/checks and related endpoints), and those fetched JSON fields (e.g., executionRule and fetchCommand) are executed or used verbatim to drive checks and agent prompts, so the external content directly controls runtime execution and instructions.