vercel-to-createos

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks the agent to collect environment variable values from the user and then call UpdateProjectEnvironmentEnvironmentVariables to set them (i.e., include secret API keys/tokens/database URLs verbatim in API request payloads), which requires the LLM to handle and transmit secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow Step 1 explicitly reads files from the user's GitHub repository (e.g., vercel.json, package.json, next.config.js) via repository/GitHub calls (ListGithubRepositories, ListConnectedGithubAccounts) and uses that untrusted repository content to detect framework, derive build/run commands, and construct CreateOS API calls, so third-party/user-generated content is ingested and can materially change tool actions.