createos

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes many examples and API calls that place secrets (API keys, tokens, DB URLs) directly into JSON fields, headers, and environment variables (e.g., "OPENAI_API_KEY": "sk-..."; X-Api-Key: ), which would require the LLM to handle and sometimes emit secret values verbatim when constructing requests or code—creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and interprets user-generated GitHub repository content (see GitHub Integration tools like ListGithubRepositories and GetGithubRepositoryContent in SKILL.md and the quick-deploy scripts) to auto-detect build/config and drive deployment actions, so arbitrary third‑party repo content can materially influence the agent's behavior.